详细如下:
server
{
listen 80;
server_name ********.com www.********.com ;
#rewrite ^(.*)$ https://********.com; #将所有HTTP请求通过rewrite指令重定向到HTTPS。
rewrite ^(.*)$ https://$host$1; #将所有HTTP请求通过rewrite指令重定向到HTTPS。
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/********.com;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
}
include rewrite/wordpress.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php-pathinfo.conf;
location ~* ^.+\.(gif|jpg|jpeg|png|swf|flv|xlsx|xls|pdf|mp3|mp4|ogg|flav|wav|rar|zip)$ {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
expires 30d;
access_log off;
# valid_referers none blocked www.********.com;
#if ($invalid_referer) {
# return 404;
# break;
#}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
access_log /home/wwwlogs/www.********.com.log;
}
#以下属性中,以ssl开头的属性表示与证书配置有关。
server {
listen 443 ssl;
server_name ********.com; #需要将yourdomain.com替换成证书绑定的域名。
root /home/wwwroot/********.com; #站点目录
index index.html index.htm;
ssl_certificate cert/5829922_www.********.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。
ssl_certificate_key cert/5829922_www.********.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #表示使用的TLS协议的类型。
ssl_prefer_server_ciphers on;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
}
include rewrite/wordpress.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php-pathinfo.conf;
location ~* ^.+\.(gif|jpg|jpeg|png|swf|flv|xlsx|xls|pdf|mp3|mp4|ogg|flav|wav|rar|zip)$ {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
expires 30d;
access_log off;
# valid_referers none blocked www.********.com;
#if ($invalid_referer) {
# return 404;
# break;
#}
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}