nginx 模板#nginx
server {
listen 80;
server_name cibiji.com;
root /data/www/cibiji.com;
#charset koi8-r;
access_log /data/logs/cibiji.access.log;
#access_log "pipe:rollback logs/host.access_log interval=1d baknum=7 maxsize=2G" main;
location / {
root /data/www/cibiji.com;
index index.php index.html index.htm;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?$1 last;
break;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# 防盗链
location ~ .(png|gif|jpe?g)$ {
valid_referers none blocked cibiji.com *.cibiji.com;
if ($invalid_referer) {
return 403;
}
}
location ~* /(cache|uploads)/.*.(php|jsp|pl|py|asp|cgi|sh)$ {
return 403;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cibiji.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cibiji.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}