Nginx 设置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
##
# SSL Settings (global)
##
ssl_protocols TLSv1.2 TLSv1.3; # Recommended protocols
ssl_prefer_server_ciphers on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Default server configuration for HTTP (redirect to HTTPS)
server {
listen 80 default_server;
server_name _;
location / {
return 301 https://$host$request_uri;
}
}
# Server configuration for HTTPS
server {
listen 443 ssl default_server;
server_name yuai.ink;
# SSL certificate files
ssl_certificate "/etc/nginx/conf.d/cert/yuai.ink.pem";
ssl_certificate_key "/etc/nginx/conf.d/cert/yuai.ink.key";
# Specific SSL settings for this server block
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5; # You may want to use a more specific and secure cipher suite
location / {
root html;
index index.html index.htm;
}
}
}
# Remove or comment out unused parts, such as the 'mail' block if not needed.添加了HTTP到HTTPS的重定向。确保你已经将SSL证书和私钥文件的路径替换成了你服务器上的实际路径。
在将这个配置保存到nginx.conf之后,使用以下命令测试配置是否正确:
sudo nginx -t如果测试成功,你将看到一条消息显示配置文件语法是正确的。然后,你可以重启Nginx以应用更改:
sudo systemctl restart nginx或者,如果你使用的不是systemctl来管理服务,你可以使用:
sudo service nginx restart或者直接重启Nginx进程:
sudo /etc/init.d/nginx restart请确保替换yuai.ink.pem和yuai.ink.key为你实际的证书和私钥文件路径,并且这些文件对www-data用户(或你的Nginx工作进程运行的用户)是可读的。如果文件权限不正确,Nginx可能无法启动或会显示错误。
本文是原创文章,采用 CC BY-NC-ND 4.0 协议,完整转载请注明来自 Yuai
