ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置相关的知识,希望对你有一定的参考价值。
# nginx site config for processwire with forced SSL and www to non-redirect
# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
server {
server_name domain.com www.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
root /home/nginx/domains/domain.com/public;
server_name domain.com www.domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
## redirect https www to https non-www
if ($host = 'www.domain.com' ) {
return 301 https://domain.com$request_uri;
}
client_max_body_size 50m;
access_log /home/nginx/domains/domain.com/log/access.log;
error_log /home/nginx/domains/domain.com/log/error.log;
# -----------------------------------------------------------------------------------------------
# Set default directory index files
# -----------------------------------------------------------------------------------------------
index index.php index.html index.htm;
# -----------------------------------------------------------------------------------------------
# Access Restrictions: Protect ProcessWire system files
# -----------------------------------------------------------------------------------------------
# Block access to ProcessWire system files
location ~ \.(inc|info|module|sh|sql)$ {
deny all;
}
# Block access to any file or directory that begins with a period
location ~ /\. {
deny all;
}
# Block access to protected assets directories
location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
deny all;
}
# Block acceess to the /site/install/ directory
location ~ ^/(site|site-[^/]+)/install($|/.*$) {
deny all;
}
# Block dirs in /site/assets/ dirs that start with a hyphen
location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
deny all;
}
# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
deny all;
}
# Block access to any PHP-based files in /templates-admin/
location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
deny all;
}
# Block access to any PHP or markup files in /site/templates/
location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
deny all;
}
# Block access to any PHP files in /site/assets/
location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
deny all;
}
# Block access to any PHP files in core or core module directories
location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
deny all;
}
# Block access to any PHP files in /site/modules/
location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
deny all;
}
# Block access to any software identifying txt files
location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
deny all;
}
# Block all http access to the default/uninstalled site-default directory
location ~ ^/site-default/ {
deny all;
}
# -----------------------------------------------------------------------------------------------
# If the request is for a static file, then set expires header and disable logging.
# Give control to ProcessWire if the requested file or directory is non-existing.
# -----------------------------------------------------------------------------------------------
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
expires 24h;
log_not_found off;
access_log off;
try_files $uri $uri/ /index.php?it=$uri&$args;
}
# -----------------------------------------------------------------------------------------------
# This location processes all other requests. If the request is for a file or directory that
# physically exists on the server, then load the file. Else give control to ProcessWire.
# -----------------------------------------------------------------------------------------------
location / {
try_files $uri $uri/ /index.php?it=$uri&$args;
}
# -----------------------------------------------------------------------------------------------
# Pass .php requests to fastcgi socket
# -----------------------------------------------------------------------------------------------
location ~ \.php$ {
# Check if the requested PHP file actually exists for security
try_files $uri =404;
# Fix for server variables that behave differently under nginx/php-fpm than typically expected
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Set environment variables
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Pass request to php-fpm fastcgi socket
#fastcgi_pass unix:/var/run/domain.com_fpm.sock;
fastcgi_pass 127.0.0.1:9000;
}
}
以上是关于ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置的主要内容,如果未能解决你的问题,请参考以下文章
将 https 重定向到非 www 和 http 到 www
htaccess 强制 https 并将 www 重定向到非 www,但没有其他子域