ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置相关的知识,希望对你有一定的参考价值。

# nginx site config for processwire with forced SSL and www to non-redirect

# redirect from www to non-www forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
  server_name domain.com www.domain.com;
  return 301 https://$server_name$request_uri;
 }

server {
	listen 443 ssl;

	root /home/nginx/domains/domain.com/public;
	server_name domain.com www.domain.com;
	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
	
  ##  redirect https www to https non-www
	if ($host = 'www.domain.com' ) {
		return 301 https://domain.com$request_uri;
	}

	client_max_body_size 50m;
	access_log /home/nginx/domains/domain.com/log/access.log;
	error_log /home/nginx/domains/domain.com/log/error.log;

	# -----------------------------------------------------------------------------------------------
	# Set default directory index files
	# -----------------------------------------------------------------------------------------------

	index index.php index.html index.htm;

	# -----------------------------------------------------------------------------------------------
	# Access Restrictions: Protect ProcessWire system files
	# -----------------------------------------------------------------------------------------------

	# Block access to ProcessWire system files
	location ~ \.(inc|info|module|sh|sql)$ {
		deny all;
	}

	# Block access to any file or directory that begins with a period
	location ~ /\. {
		deny all;
	}

	# Block access to protected assets directories
	location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) {
		deny all;
	}

	# Block acceess to the /site/install/ directory
	location ~ ^/(site|site-[^/]+)/install($|/.*$) {
		deny all;
	}

	# Block dirs in /site/assets/ dirs that start with a hyphen
	location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* {
		deny all;
	}

	# Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
	location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ {
		deny all;
	}

	# Block access to any PHP-based files in /templates-admin/
	location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP or markup files in /site/templates/
	location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ {
		deny all;
	}

	# Block access to any PHP files in /site/assets/
	location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ {
		deny all;
	}

	# Block access to any PHP files in core or core module directories
	location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any PHP files in /site/modules/
	location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ {
		deny all;
	}

	# Block access to any software identifying txt files
	location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ {
		deny all;
	}

	# Block all http access to the default/uninstalled site-default directory
	location ~ ^/site-default/ {
		deny all;
	}

	# -----------------------------------------------------------------------------------------------
	# If the request is for a static file, then set expires header and disable logging.
	# Give control to ProcessWire if the requested file or directory is non-existing.
	# -----------------------------------------------------------------------------------------------

	location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
		expires 24h;
		log_not_found off;
		access_log off;
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# This location processes all other requests. If the request is for a file or directory that
	# physically exists on the server, then load the file. Else give control to ProcessWire.
	# -----------------------------------------------------------------------------------------------

	location / {
		try_files $uri $uri/ /index.php?it=$uri&$args;
	}

	# -----------------------------------------------------------------------------------------------
	# Pass .php requests to fastcgi socket
	# -----------------------------------------------------------------------------------------------

	location ~ \.php$ {

		# Check if the requested PHP file actually exists for security
		try_files $uri =404;

		# Fix for server variables that behave differently under nginx/php-fpm than typically expected
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		# Set environment variables
		include fastcgi_params;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# Pass request to php-fpm fastcgi socket
		#fastcgi_pass unix:/var/run/domain.com_fpm.sock;
		fastcgi_pass   127.0.0.1:9000;
	}
}

以上是关于ini 使用强制SSL和www到非www重定向的ProcessWire的Nginx站点配置的主要内容,如果未能解决你的问题,请参考以下文章

将 https 重定向到非 www 和 http 到 www

htaccess 强制 https 并将 www 重定向到非 www,但没有其他子域

将 ssl 重定向到非 ssl

OpenCart htaccess重定向到WWW和SSL

IIS 将 www 重定向到非 www 和 http 到 https:是不是可以仅使用一个重定向来完成?

apache vhosts https/ssl 子域始终重定向到非 https 主页面