-
Notifications
You must be signed in to change notification settings - Fork 1
/
domain(Nginx).conf
176 lines (144 loc) · 5.2 KB
/
domain(Nginx).conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
#■■■■■■■■■■■■■■■■■■■■■■■
# Nginx 서버설정 - 참고사항
#■■■■■■■■■■■■■■■■■■■■■■■
server {
client_max_body_size 8M;
################################
# https(ssl) 접속 관련
################################
# listen 아이피주소:443 ssl ;
################################
server_name gajija.kr www.gajija.kr;
root 홈페이지-디렉토리-Full경로;
access_log /var/log/nginx/도메인주소.access.log;
error_log /var/log/nginx/도메인주소.error.log;
if ( $host !~ ^www\. ) {
return 301 $scheme://www.$host$request_uri;
#return 301 https://www.$host$request_uri;
}
# Redirect접속 : http -> https 접속
#Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
deny all;
}
# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key|htm|html)$ {
deny all;
}
# Block access
location ~* (composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)$ {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(png|jpg|jpeg|gif|ico|gz|svg|svgz|ogg|mp4|webm|ogv|htc|cur)$ {
#expires max;
expires 3M;
access_log off;
log_not_found off;
# no cache #
#add_header Last-Modified public;
#add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
#if_modified_since off;
#expires off;
#etag off;
}
location ~* \.(css|js)$ {
expires max;
#expires 1M;
#expires -1;
# no cache
#add_header Last-Modified public;
#add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
#if_modified_since off;
#expires off;
#etag off;
}
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$query_string;
# 연결제한
limit_conn conn_limit_per_ip 10;
# 단일 IP요청 10개까지 queue에 보관. 요청이 brust 넘어갈 경우 503에러 반환
limit_req zone=req_limit_per_ip burst=10 nodelay;
}
set $no_cache 1;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
#add_header X-Cache $upstream_cache_status;
#fastcgi_cache shop.smartlab.co.kr;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
# no cache
#add_header Last-Modified public;
#add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
#if_modified_since off;
#expires off;
#etag off;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## ★★ php버전에 맞게 수정 (/run/php/php7.0-fpm.sock)
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location @fallback {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
## ★★ php버전에 맞게 수정 (/run/php/php7.0-fpm.sock)
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root;
include fastcgi_params;
}
#location ~ /\.ht {
# deny all;
#}
########################################################
gzip on;
gzip_static on;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_proxied any;
gzip_types
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/rss+xml
application/atom+xml
image/svg+xml
text/css
text/javascript
text/plain
text/xml
text/x-component
font/truetype
font/opentype
gzip_vary on;
# allow the server to close connection on non responding client, this will free up memory
reset_timedout_connection on;
listen 80;
#############################
# https 접속관련 예제 인증서(letsencrypt)
#############################
listen 아이피주소:443 ssl ;
ssl_certificate /etc/letsencrypt/live/도메인주소/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/도메인주소/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl on;
#############################