tp/docs/nginx/dh2fun.md
2026-03-20 19:48:32 +08:00


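# Virtual host for dh2.fun and every *.dh2.fun subdomain, fronting a ThinkPHP
# application. Serves HTTP on 80 (redirected to HTTPS), TLS on 443/tcp and
# QUIC on 443/udp. Lines starting with an upper-case "#XXX-START" / "#XXX-END"
# tag are markers maintained by the hosting panel and are kept byte-for-byte.
server
{
    listen 80;
    listen 443 ssl;
    listen 443 quic;
    http2 on;
    # The named capture exposes the left-hand label(s) of the Host header as
    # $subdomain; it is empty when the bare domain is requested.
    server_name dh2.fun ~^(?<subdomain>.+)\.dh2\.fun$;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/api.yunzer.cn/public;
    #CERT-APPLY-CHECK--START
    include /www/server/panel/vhost/nginx/well-known/dh2.fun.conf;
    #CERT-APPLY-CHECK--END
    include /www/server/panel/vhost/nginx/extension/dh2.fun/*.conf;

    # Sensitive files that must never be served.
    # Declared ahead of the other regex locations on purpose: nginx uses the
    # first regex location that matches, in file order, so a deny rule placed
    # after a broader pattern is shadowed by it.
    # Fixes against the previous list: the dot in ".user.ini" is escaped, the
    # truncated "build\.gradl" (which never matched build.gradle because of the
    # trailing "$") is spelled out, and the duplicated phpunit.xml entry is gone.
    location ~* (\.user\.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|pom\.xml|build\.gradle(\.kts)?|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
    {
        return 404;
    }

    # Sensitive directories that must never be served (VCS metadata, editor
    # and tool state, dependency trees, the framework runtime directory).
    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ {
        return 404;
    }

    # Hand *.html and *.php requests to ThinkPHP when no such file exists.
    # NOTE(review): this pattern matches *.php at any depth and is evaluated
    # before the PHP handler further down, and this block has no FastCGI
    # handler of its own. Confirm on a staging host that an existing .php file
    # is executed rather than returned as a static download; if it is not,
    # narrow the pattern to html or move the PHP handler above this block.
    location ~* ^/(.+\.(html|php))$ {
        try_files $uri /index.php?$query_string;
    }

    # Everything under /themes/ is returned as a static file (template assets).
    # "^~" stops regex matching, so the deny rules above do NOT apply here:
    # keep dotfiles, backups and PHP sources out of this tree.
    location ^~ /themes/ {
        root /www/wwwroot/api.yunzer.cn/public;
        try_files $uri $uri/ =404;
        expires 12h;
        access_log off;
    }

    # Preview entry points /template1/ .. /template100/, mapped onto the
    # matching directory under public/themes/.
    # NOTE(review): try_files combined with a regex-location alias is fragile
    # in nginx; verify that existing and missing files both resolve as intended.
    location ~ ^/(template(?:[1-9]\d?|100))/(.*)$ {
        alias /www/wwwroot/api.yunzer.cn/public/themes/$1/$2;
        try_files $uri $uri/ =404;
        expires 12h;
        access_log off;
    }

    # Panel-managed TLS section. The marker line and the commented-out 404
    # rule below it are read by the panel: do not delete or modify them.
    #SSL-START SSL相关配置请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    # Redirect to HTTPS unless the request arrived on 443 or targets
    # /.well-known/ (certificate validation must stay reachable over HTTP).
    set $isRedcert 1;
    if ($server_port != 443) {
        set $isRedcert 2;
    }
    if ( $uri ~ /\.well-known/ ) {
        set $isRedcert 1;
    }
    if ($isRedcert != 1) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/dh2.fun/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/dh2.fun/privkey.pem;
    # TLS 1.1 is formally deprecated (RFC 8996) and is no longer offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD/AES suites only: the 3DES suites (64-bit block
    # cipher) and static-RSA key exchange (no forward secrecy) were removed.
    # TLS 1.3 suites are negotiated independently of this list.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_tickets on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # "always" also sends HSTS on error responses, which add_header skips by
    # default.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # NOTE(review): this advertises many legacy draft / gQUIC tokens; confirm
    # which of them the deployed nginx build actually serves and trim the rest.
    add_header Alt-Svc 'quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"';
    # 497 = plain HTTP sent to the TLS port; bounce it to HTTPS.
    error_page 497 https://$host$request_uri;
    #SSL-END

    # Panel-managed error pages; may be commented out, removed or changed.
    #ERROR-PAGE-START 错误页配置,可以注释、删除或修改
    error_page 404 /404.html;
    #ERROR-PAGE-END

    # Panel-managed PHP handler include; may be commented out or changed.
    #PHP-INFO-START PHP引用配置可以注释或修改
    include enable-php-82.conf;
    #PHP-INFO-END

    # Panel-managed rewrite rules; editing this include invalidates the
    # rewrite rules configured in the panel.
    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/dh2.fun.conf;
    #REWRITE-END

    # Directory used for one-click certificate validation.
    location ~ \.well-known{
        allow all;
    }

    # Refuse script, archive and dump files inside the validation directory.
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    # Long-lived caching for images; no logging for these requests.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    # Short caching for scripts and stylesheets; no logging.
    # The stray "?" after the group was dropped: it made the extension
    # optional, so any URI that merely ended in "." also landed here.
    location ~ .*\.(js|css)$
    {
        expires 12h;
        error_log /dev/null;
        access_log /dev/null;
    }

    # PHP execution, passing the requested subdomain to the application.
    # $subdomain is derived from the client-supplied Host header, so the
    # application must validate it before using it for tenant selection.
    # NOTE(review): the contents of enable-php-82.conf are not shown here; if
    # it opens its own location block, the two params below may not reach the
    # FastCGI request. Confirm with a test request.
    location ~ [^/]\.php(/|$) {
        include enable-php-82.conf;
        fastcgi_param HTTP_SUBDOMAIN $subdomain;
        fastcgi_param HTTP_MAIN_DOMAIN dh2.fun;
    }

    # ThinkPHP route rewriting for anything that is not an existing file.
    if (!-e $request_filename) {
        # Append the original URI to /index.php so that ThinkPHP can read the
        # :page segment from PATH_INFO.
        rewrite ^(.*)$ /index.php$1$is_args$args last;
    }

    access_log /www/wwwlogs/dh2.fun.log;
    error_log /www/wwwlogs/dh2.fun.error.log;
}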