Nginx下Typecho启用伪静态和SSL证书
支持伪静态
为了使typecho支持伪静态,即访问文章时浏览器路径不显示index.php
,我们可以在nginx
配置文件中按照下面设置方法进行设置:
location / {
index index.html index.php;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php) {
rewrite (.*) $1/index.php;
}
if (!-f $request_filename) {
rewrite (.*) /index.php;
}
}
支持SSL
前提先准备好自己ssl
证书。(可以通过Let's Encrypt
申请免费的证书)。
nginx配置文件配置
server {
listen 80;
server_name www.domain.com;
## 301 跳转到https
return 301 https://$host$request_uri;
}
server {
server_name www.domain.com;
root /var/www/project;
index index.php index.html index.htm;
location ~* \.(gif|jpg|png|jpeg|ico)$ {
expires max;
}
## 支持伪静态
location / {
index index.html index.php;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php) {
rewrite (.*) $1/index.php;
}
if (!-f $request_filename) {
rewrite (.*) /index.php;
}
}
location ~ .*\.php(\/.*)*$ {
# fastcgi_index index.php;
include snippets/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:9000;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include fastcgi_params;
}
listen 443 ssl;
ssl_certificate cert/domain.com.cert;
ssl_certificate_key cert/domain.com.key;
include cert/options-ssl-nginx.conf;
ssl_dhparam cert/ssl-dhparams.pem;
}
上面的options-ssl-nginx.conf
内容为:
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";