Ubuntu 配置Nginx 2024-06-10 2024-06-10 670 words
2 minutes
生成SSL证书 生成命令
# Obtain a certificate for both host names without installing it ("certonly"),
# pointing certbot at the custom nginx configuration root used on this server.
sudo certbot certonly --nginx \
  --nginx-server-root /www/server/nginx/conf \
  --webroot-path /www/wwwroot/example.com \
  --domain example.com \
  --domain www.example.com
重新生成命令
# Rehearse a renewal: with --dry-run certbot goes through the renewal steps
# but saves no certificate, so this checks the setup and renews nothing.
sudo certbot renew --nginx-server-root /www/server/nginx/conf --dry-run
由于证书会自动过期,所以将重新生成命令添加到定时脚本中(注意:--dry-run 只是演练,不会保存新证书;定时任务中实际续期时应去掉该参数)
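sudo crontab -e
# Add the job below to root's crontab.
# --dry-run is left out on purpose: with it certbot only rehearses the renewal
# and saves no certificate, so the live certificate would still expire.
# The job runs every day at 02:15 (the month field "*/2" skipped every second
# month entirely); certbot renews only certificates that are close to expiry,
# and the pre/post hooks run only when a renewal is actually attempted.
# NOTE(review): stopping nginx takes the site offline for the duration of each
# renewal - confirm the stop/start hooks are really needed with this setup.
15 2 * * * certbot renew --nginx-server-root /www/server/nginx/conf --pre-hook "service nginx stop" --post-hook "service nginx start"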
将nginx加入到随服务器启动 添加nginx服务
# Create/edit the systemd unit file for nginx as root.
# NOTE(review): /lib/systemd/system is normally owned by distribution packages;
# administrator-written units conventionally live in /etc/systemd/system - confirm
# the location you want before saving.
sudo vim /lib/systemd/system/nginx.service
# Add the configuration below
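# systemd unit for the nginx build installed under /www/server/nginx.
# Section headers must be written without inner spaces ([Unit], not [ Unit]),
# otherwise systemd does not recognise the section.
[Unit]
Description = A high performance web server and a reverse proxy server
After = network.target

[Service]
# Type=forking expects nginx to daemonize; systemd then follows the master
# process through the PID file.
# NOTE(review): PIDFile has to match the "pid" setting in nginx.conf - confirm.
Type = forking
PIDFile = /www/server/nginx/logs/nginx.pid
ExecStart = /www/server/nginx/sbin/nginx -c /www/server/nginx/conf/nginx.conf
ExecReload = /www/server/nginx/sbin/nginx -s reload
# "quit" is nginx's graceful-shutdown signal; "quiet" is not a valid argument
# to -s, so the stop command would fail and systemd would fall back to killing
# the processes after TimeoutStopSec.
ExecStop = /www/server/nginx/sbin/nginx -s quit
TimeoutStopSec = 5
KillMode = mixed

[Install]
# Start nginx as part of the normal multi-user boot target.
WantedBy = multi-user.target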
允许自启动
# Register the unit for start at boot. "enable" does not start nginx right now,
# and a newly created or edited unit file is only picked up after
# `systemctl daemon-reload`.
sudo systemctl enable nginx.service
查看启动状态
# Show whether the unit is loaded, enabled and running, plus its recent log lines.
sudo systemctl status nginx.service
nginx 配置参考
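# HTTPS virtual host for example.com with PHP handled by PHP-FPM over FastCGI.
server
{
    listen 80;
    listen 443 ssl;
    server_name example.com www.example.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/example.com/public;
    #error_page 404/404.html;

    # Requests that did not arrive on port 443 are permanently redirected to HTTPS.
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    # Change these to the paths of the certificate generated above.
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): "HIGH" still admits non-AEAD (CBC) suites for TLS 1.2;
    # consider narrowing the list to the clients you actually have to support.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # 497 = plain HTTP sent to the TLS port; answer with a redirect to HTTPS.
    error_page 497 https://$host$request_uri;
    error_page 404 /404.html;
    error_page 502 /502.html;

    location ~ [^/]\.php(/|$)
    {
        # Only hand the request to PHP-FPM when the requested path exists on disk.
        # NOTE(review): try_files tests the full $uri, so a request such as
        # /index.php/extra is answered with 404 before the PATH_INFO split
        # below can apply - confirm that is intended.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9003;
        # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        # fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_index index.php;
        # include fastcgi.conf;
        include fastcgi_params;

        # Split "/script.php/extra" into the script name and PATH_INFO.
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_buffering off;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$query_string;
    }

    # Never serve VCS metadata, per-directory PHP/Apache settings or project files.
    # The dots are escaped so that they match a literal "." only.
    location ~ ^/(\.user\.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README\.md)
    {
        return 404;
    }

    location ~ \.well-known{
        allow all;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
        # error_log has no "off" value - nginx would write to a file named
        # "off" - so errors for static assets are discarded via /dev/null.
        error_log /dev/null;
        access_log off;
    }

    # The extension group is mandatory: with a trailing "?" the pattern also
    # matched every URI that merely ends in a dot.
    location ~ .*\.(js|css)$
    {
        expires 12h;
        error_log /dev/null;
        access_log off;
    }

    access_log /www/wwwlogs/example.com.log;
    error_log /www/wwwlogs/example.com.error.log;
}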
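# Virtual host for the vue3-backend PHP application.
# It listens on port 80 only, so all traffic to it is unencrypted HTTP.
server {
    listen 80;
    server_name my_vue3_backend.com www.my_vue3_backend.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /mnt/h/workspace/php/vue3-backend/public;

    # "always" makes nginx send these headers on error responses too; without
    # it add_header applies only to a fixed set of success/redirect codes.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # NOTE(review): X-XSS-Protection is deprecated in current browsers;
    # a Content-Security-Policy is the usual replacement - confirm what is needed.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    charset utf-8;

    # Serve existing files/directories, otherwise route to the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    error_page 404 /index.php;

    # NOTE(review): every URI ending in .php is passed to PHP-FPM whether or
    # not the file exists; confirm PHP-FPM's security.limit_extensions and
    # cgi.fix_pathinfo settings, or guard the location with try_files.
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffering off;
    }

    # Block dot-files and dot-directories, except /.well-known.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    access_log /mnt/h/wsl/nginx/logs/my_vue3_backend.com.log;
    error_log /mnt/h/wsl/nginx/logs/my_vue3_backend.com.error.log;
}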
php 重启 通过 php-fpm.conf查找pid文件,比如 /var/php/74/var/run/php-fpm.pid
# Send SIGUSR2 to the PHP-FPM master, whose PID is read from its pid file;
# PHP-FPM treats this signal as a request for a graceful reload.
kill -SIGUSR2 "$(cat /var/php/74/var/run/php-fpm.pid)"
参考