本文详解讲解RichCMS与Nginx的配合使用,也会帖出本站使用的nginx配置文件,供参考。
一、为什么要使用Nginx
nginx是一个优秀的Web服务器,安装简单,性能优秀。可以使用nginx反向代理richcms的服务端口(默认5568)。
二、Nginx的配置文件
1. nginx.conf
文件地址:/etc/nginx/nginx.conf
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
#关闭了访问日志,如果需要打开,设置为on
access_log off;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml;
gzip_vary on;
gzip_disable "MSIE [1-6].<?!.*SV1>";
client_max_body_size 50m; # request body 不超过50MB
include /etc/nginx/conf.d/*.conf;
}2. richcms.net.conf
文件地址:/etc/nginx/conf.d/richcms.net.conf
# http://richcms.net 到 https://www.richcms.net的跳转
server {
server_name richcms.net;
listen 80;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://www.richcms.net$request_uri;
}
# https://richcms.net 到 https://www.richcms.net的跳转
server{
server_name richcms.net;
listen 443 ssl http2;
ssl_certificate /etc/nginx/conf.d/cert/richcms.net.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/richcms.net.key;
add_header Sctict-Transport-Security max-mag=15768000;
return 301 https://www.richcms.net$request_uri;
}
# http://www.richcms.net 到 https://www.richcms.net的跳转
server {
server_name www.richcms.net;
return 301 https://www.richcms.net$request_uri;
}
server {
server_name www.richcms.net;
listen 443 ssl http2;
# 以下两个证书文件,请替换成自己的
ssl_certificate /etc/nginx/conf.d/cert/richcms.net.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/richcms.net.key;
ssl_session_timeout 60m;
ssl_session_cache shared:SSL:20m;
ssl_buffer_size 8k;
ssl_session_tickets on;
ssl_stapling on;
ssl_stapling_verify on;
# 使用的ssl协议,推荐使用:TLSv1.1 TLSv1.2 TLSv1.3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:!RC4-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
ssl_prefer_server_ciphers on;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Content-Type-Options nosniff;
add_header X-powered-by "richcms";
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_send_timeout 12s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 1024m;
proxy_set_header Host $host;
# 反向代码 richcms服务的端口:5568
location /{
proxy_pass http://127.0.0.1:5568;
}
}以上文件,请可以根据你的实际情况,参考使用,关于nginx在各个操作系统上的安装,请自行查询。
