nginx.conf

load_module modules/ngx_http_js_module.so;

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;

    # gzip  on;

    # Naxsi 引用核心规则
    include /usr/local/nginx/conf/naxsi/naxsi_core.rules;

    # 限制单IP并发访问数量
    limit_conn_zone $binary_remote_addr zone=test1_conn:10m;
    limit_req_zone $binary_remote_addr zone=test1_req:10m rate=15r/s;

    # Njs 配置
    js_path '/usr/local/nginx/conf/njs/';
    js_import 'test.js';
    js_import dreamer from auth.js;

    server {
        listen 80;
        server_name  localhost;
        location / {
            return 403;
            # root   html;
            root   /data/www/localhost;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # ngtwewy
    server {
       listen 443 ssl;
       server_name  localhost;

       fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;
        ssl_certificate      /data/www/_ssl/server_ssl/server.crt;
        ssl_certificate_key  /data/www/_ssl/server_ssl/server.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

       location / {
           return 403;
       }
    }

    include /usr/local/nginx/conf/conf.d/*.conf;
}

一个虚拟主机的配置文件：

server {
    listen 80;
    server_name test.cn www.test.cn;
    rewrite ^(.*)$ https://www.test.cn$1 permanent;
}


server {
    listen 443;
    server_name test.cn www.test.cn;
    root /data/www/cn_test;
    index index.php index.html index.htm;
    charset utf-8;
    access_log logs/cn_test.access.log;
    error_log logs/cn_test.error.log;
    
    # 跳转
    if ($host != 'www.test.cn' ) {
        rewrite ^/(.*)$ https://www.test.cn/$1 permanent; 
    } 

    # 限速
    limit_conn test1_conn 10;
    limit_req zone=test1_req burst=70;

    # 开启 SSL
    fastcgi_param HTTPS on;
    fastcgi_param HTTP_SCHEME https;
    ssl_certificate      /data/www/_ssl/cn_test/cert.pem;
    ssl_certificate_key  /data/www/_ssl/cn_test/cert.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    location / {
        #LearningMode;
        include /usr/local/nginx/conf/naxsi/ngtwewy-create.rules;

        try_files $uri $uri/ /index.php?$args;
    }

    location /RequestDenied {
        return 403;
    }

    # 不存在的文件不显示路由错误信息
    location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css|svg)$ {
        root /data/www/cn_test;
    }

    location ~ \.php$ {
        #LearningMode;
        include /usr/local/nginx/conf/naxsi/ngtwewy-create.rules;


        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "open_basedir=/data/www/cn_test/:/tmp/:/proc/";
        include fastcgi_params;
    }
    
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
}

修改时间 2023-12-07