user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 300;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
client_max_body_size 20M;
limit_req_log_level notice;
limit_req_zone $binary_remote_addr zone=limit:10m rate=5r/s;
geo $white_ip {
ranges;
default 0;
127.0.0.1-127.0.0.255 1;
10.0.0.0-10.255.255.255 1;
172.16.0.0-172.31.255.255 1;
192.168.0.0-192.168.255.255 1;
}
limit_req_whitelist geo_var_name=white_ip geo_var_value=1;
server {
listen 443;
server_name www.mmbag88.cn ;
ssl on;
ssl_certificate /data/website/modstart/public/ssl/public.pem; #根据实际的路径和文件名配置
ssl_certificate_key /data/website/modstart/public/ssl/private.key; #根据实际的路径和文件名配置
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配
ssl_prefer_server_ciphers on;
charset utf-8;
index index.php index.html;
root /data/website/modstart/public;
autoindex off;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass ms_php56:9000;
fastcgi_index index.php;
fastcgi_param PHP_VALUE "open_basedir=/data/website/modstart/:/tmp/";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ \.(gif|jpg|jpeg|png|bmp|ico|css|js)$ {
expires max;
}
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin '*';
}
include error-page.conf;
}
server {
listen 80;
server_name www.mmbag88.cn ;
return 301 https://$server_name$request_uri;
}
}
浙公网安备 33010602011771号