nginx的一般配置

本文最后更新于 2024年6月25日 早上

http,用户密码,端口转发的配置,万年改一次,方便直接来复制

htpps

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
server {
   listen 443;
   server_name kala.love;
   ssl on;
   root /var/www/moe;
   index index.html index.htm;

   ssl_certificate  /root/https_nginx/kala.love_bundle.crt;
   ssl_certificate_key /root/https_nginx/kala.love.key;
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   location / {
      index index.html index.htm;
   }
}
# 80->433
server {
   listen 80;
   server_name kala.love;
   rewrite ^(.*)$ https://$host$1 permanent;
}

设置访问密码

1 安装

1
sudo apt-get install apache2-utils

2 创建用户

1
sudo htpasswd -c /etc/nginx/.htpasswd fff

之后安装提示输入密码

3 修改nginx配置

1
sudo vim /etc/nginx/sites-available/default.conf

添加:

1
2
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;

完整示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
server {
   listen 443;
   server_name doc.kala.love;
   ssl on;
   root /var/www/doc;
   index index.html index.htm;

   auth_basic "Restricted";
   auth_basic_user_file /etc/nginx/.htpasswd;

   ssl_certificate  /root/https_nginx/doc.kala.love_bundle.crt;
   ssl_certificate_key /root/https_nginx/doc.kala.love.key;
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   location / {
      index index.html index.htm;
   }
}

4 重启nginx

1
sudo /etc/init.d/nginx reload

端口转发

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
server{
   listen 80;
   server_name pan.kala.love;
   rewrite ^(.*)$ https://$host$1 permanent;
}

server {
   listen 443;
   server_name pan.kala.love;
   ssl on;

   ssl_certificate  /root/https_nginx/pan.kala.love_bundle.crt;
   ssl_certificate_key /root/https_nginx/pan.kala.love.key;
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   location / {
        proxy_pass http://localhost:9999/;
        proxy_redirect default;
   }
}
技术类
#web
nginx的一般配置
https://blog.kala.love/posts/b49b782/
作者
久远·卡拉
发布于
2022年3月23日
许可协议