LNMP一键安装的运行环境drupal8的nginx配置规则

LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RHEL/Fedora/Aliyun/Amazon、Debian/Ubuntu/Raspbian/Deepin/Mint Linux VPS或独立主机安装LNMP(Nginx/MySQL/PHP)、LNMPA(Nginx/MySQL/PHP/Apache)、LAMP(Apache/MySQL/PHP)生产环境的Shell程序,由于其无需一个一个的输入命令,无需值守,编译安装优化编译参数,提高性能,解决不必要的软件间依赖,特别针对配置自动优化的特征拥有一大批用户,本文介绍lnmp环境下运行drupal8nginx配置文件。

打开网站的配置文件,默认路径为:虚拟主机配置文件在:/usr/local/nginx/conf/vhost/域名.conf

以www.ttkkw.com为例 ,配置文件路径为/usr/local/nginx/conf/vhost/www.ttkkw.com.conf ,打开后可以看到默认的nginx配置文件为:

server

{

listen 80;

#listen [::]:80;

server_name www.ttkkw.com ttkkw.com;

return 301 https://www.ttkkw.com$request_uri;

index index.html index.htm index.php default.html default.htm default.php;

root /home/wwwroot/www.ttkkw.com;

include rewrite/other.conf;

#error_page 404 /404.html;

# Deny access to PHP files in specific directory

#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

include enable-php-pathinfo.conf;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

location ~ /.well-known {

allow all;

}

location ~ /\.

{

deny all;

}

access_log /home/wwwlogs/www.ttkkw.com.log;

}

server

{

listen 443 ssl http2;

#listen [::]:443 ssl http2;

server_name www.ttkkw.com yaoshoulu.com;

index index.html index.htm index.php default.html default.htm default.php;

root /home/wwwroot/www.ttkkw.com;

location / {

index index.html index.php;

if (-f $request_filename/index.html){

rewrite (.*) $1/index.html break;

}

if (-f $request_filename/index.php){

rewrite (.*) $1/index.php;

}

if (!-f $request_filename){

rewrite (.*) /index.php;

}

}

ssl on;

ssl_certificate /usr/local/nginx/conf/ssl/www.ttkkw.com/fullchain.cer;

ssl_certificate_key /usr/local/nginx/conf/ssl/www.ttkkw.com/www.ttkkw.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";

ssl_session_cache builtin:1000 shared:SSL:10m;

# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

 

include rewrite/other.conf;

#error_page 404 /404.html;

# Deny access to PHP files in specific directory

#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

include enable-php-pathinfo.conf;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*\.(js|css)?$

{

expires 12h;

}

location ~ /.well-known {

allow all;

}

location ~ /\.

{

deny all;

}

access_log /home/wwwlogs/www.ttkkw.com.log;

}

修改成drupal8的nginx配置规则后为:

server {

listen 80;

#listen [::]:80;

server_name www.www.ttkkw.com www.ttkkw.com;

index index.html index.htm index.php default.html default.htm default.php;

root /home/wwwroot/www.ttkkw.com;

include rewrite/other.conf;

#error_page 404 /404.html;

# Deny access to PHP files in specific directory

#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

include enable-php.conf;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

# Very rarely should these ever be accessed outside of your lan

location ~* \.(txt|log)$ {

allow 192.168.0.0/16;

deny all;

}

location ~ \..*/.*\.php$ {

return 403;

}

location ~ ^/sites/.*/private/ {

return 403;

}

# Allow "Well-Known URIs" as per RFC 5785

location ~* ^/.well-known/ {

allow all;

}

# Block access to "hidden" files and directories whose names begin with a

# period. This includes directories used by version control systems such

# as Subversion or Git to store control files.

location ~ (^|/)\. {

return 403;

}

location / {

# try_files $uri @rewrite; # For Drupal <= 6

try_files $uri /index.php?$query_string; # For Drupal >= 7

}

location @rewrite {

rewrite ^/(.*)$ /index.php?q=$1;

}

# Don't allow direct access to PHP files in the vendor directory.

location ~ /vendor/.*\.php$ {

deny all;

return 404;

}

# In Drupal 8, we must also match new paths where the '.php' appears in

# the middle, such as update.php/selection. The rule we use is strict,

# and only allows this pattern with the update.php front controller.

# This allows legacy path aliases in the form of

# blog/index.php/legacy-path to continue to route to Drupal nodes. If

# you do not have any paths like that, then you might prefer to use a

# laxer rule, such as:

# location ~ \.php(/|$) {

# The laxer rule will continue to work if Drupal uses this new URL

# pattern with front controllers other than update.php in a future

# release.

location ~ '\.php$|^/update.php' {

fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

# Security note: If you're running a version of PHP older than the

# latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.

# See http://serverfault.com/q/627903/94922 for details.

include fastcgi_params;

# Block httpoxy attacks. See https://httpoxy.org/.

fastcgi_param HTTP_PROXY "";

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_param QUERY_STRING $query_string;

fastcgi_intercept_errors on;

# PHP 5 socket location.

#fastcgi_pass unix:/var/run/php5-fpm.sock;

# PHP 7 socket location.

#fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

}

# Fighting with Styles? This little gem is amazing.

# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6

location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7

try_files $uri @rewrite;

}

# Handle private files through Drupal. Private file's path can come

# with a language prefix.

location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7

try_files $uri /index.php?$query_string;

}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {

expires max;

log_not_found off;

}

}

server {

listen 443 ssl http2;

#listen [::]:443 ssl http2;

server_name www.www.ttkkw.com www.ttkkw.com;

index index.html index.htm index.php default.html default.htm default.php;

root /home/wwwroot/www.ttkkw.com;

ssl on;

ssl_certificate /usr/local/nginx/conf/ssl/www.www.ttkkw.com/fullchain.cer;

ssl_certificate_key /usr/local/nginx/conf/ssl/www.www.ttkkw.com/www.www.ttkkw.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";

ssl_session_cache builtin:1000 shared:SSL:10m;

# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

include rewrite/other.conf;

#error_page 404 /404.html;

# Deny access to PHP files in specific directory

#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

include enable-php.conf;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

# Very rarely should these ever be accessed outside of your lan

location ~* \.(txt|log)$ {

allow 192.168.0.0/16;

deny all;

}

location ~ \..*/.*\.php$ {

return 403;

}

location ~ ^/sites/.*/private/ {

return 403;

}

# Allow "Well-Known URIs" as per RFC 5785

location ~* ^/.well-known/ {

allow all;

}

# Block access to "hidden" files and directories whose names begin with a

# period. This includes directories used by version control systems such

# as Subversion or Git to store control files.

location ~ (^|/)\. {

return 403;

}

location / {

# try_files $uri @rewrite; # For Drupal <= 6

try_files $uri /index.php?$query_string; # For Drupal >= 7

}

location @rewrite {

rewrite ^/(.*)$ /index.php?q=$1;

}

# Don't allow direct access to PHP files in the vendor directory.

location ~ /vendor/.*\.php$ {

deny all;

return 404;

}

# In Drupal 8, we must also match new paths where the '.php' appears in

# the middle, such as update.php/selection. The rule we use is strict,

# and only allows this pattern with the update.php front controller.

# This allows legacy path aliases in the form of

# blog/index.php/legacy-path to continue to route to Drupal nodes. If

# you do not have any paths like that, then you might prefer to use a

# laxer rule, such as:

# location ~ \.php(/|$) {

# The laxer rule will continue to work if Drupal uses this new URL

# pattern with front controllers other than update.php in a future

# release.

location ~ '\.php$|^/update.php' {

fastcgi_split_path_info ^(.+?\.php)(|/.*)$;

# Security note: If you're running a version of PHP older than the

# latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.

# See http://serverfault.com/q/627903/94922 for details.

include fastcgi_params;

# Block httpoxy attacks. See https://httpoxy.org/.

fastcgi_param HTTP_PROXY "";

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_param QUERY_STRING $query_string;

fastcgi_intercept_errors on;

# PHP 5 socket location.

#fastcgi_pass unix:/var/run/php5-fpm.sock;

# PHP 7 socket location.

#fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

}

# Fighting with Styles? This little gem is amazing.

# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6

location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7

try_files $uri @rewrite;

}

# Handle private files through Drupal. Private file's path can come

# with a language prefix.

location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7

try_files $uri /index.php?$query_string;

}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {

expires max;

log_not_found off;

}

}

如果文章对你有帮助,请赞赏支持本站发展!

发表评论

此字段内容将保密,不会被其他人看见。