
nginx + php + https 配置用例

2012-03-08 19:32 435 查看
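# User and group the worker processes run as.
# NOTE(review): this reuses the lighttpd account; confirm it exists on the
# host and is an unprivileged account without write access to the web roots.
user lighttpd lighttpd;

# Number of worker processes.
worker_processes 2;

# Error log. At level "crit" only critical-and-above messages are written, so
# ordinary request errors (level "error") do not appear in this file.
error_log /data/log/nginx/nginx_error/nginx_error.log crit;

# PID file.
pid        /var/run/nginx.pid;

# Maximum number of file descriptors that a worker process can open.
# (The original comment had wrapped onto an uncommented line, which nginx
# would reject as an unknown directive.)
worker_rlimit_nofile 51200;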

# Connection handling: epoll event method, at most 51200 simultaneous
# connections per worker process.
events {
    worker_connections 51200;
    use epoll;
}

http
{

    # 开两 php-cgi 服务,端口连接方式速度快,socket方式稳定
    # 使用
lighttpd 的 spawn-fcgi 起的fast-cgi
    # weight
是设置权重
    upstream phpfastcgi {

        server unix:/tmp/php-fastcgi0.sock weight=1;

        server unix:/tmp/php-fastcgi1.sock weight=1;

        # server 127.0.0.1:8000  
weight=1;
        # server
127.0.0.1:8001   weight=1;
    }

    # mime 类型 和 默认 header-type
    include       mime.types;

    default_type application/octet-stream;

    # 默认 header-charset
    charset utf-8;

    # 一些限制
    server_names_hash_bucket_size 128;

    client_header_buffer_size 32k;

    large_client_header_buffers 4 32k;

    client_max_body_size 8m;

    # sendfile 应该是 lighttpd
的 sendfile 是一个意思
    sendfile on;

    tcp_nopush     on;

    keepalive_timeout 60;

    tcp_nodelay on;

    # fastcgi 配置
    fastcgi_connect_timeout 300;

    fastcgi_send_timeout 300;

    fastcgi_read_timeout 300;

    fastcgi_buffer_size 64k;

    fastcgi_buffers 4 64k;

    fastcgi_busy_buffers_size 128k;

    fastcgi_temp_file_write_size 128k;

    # 开启gzip
    gzip on;

    gzip_min_length 1k;

    gzip_buffers     4 16k;

    gzip_http_version 1.0;

    gzip_comp_level 2;

    gzip_types       text/plain application/x-javascript text/css application/xml;

    gzip_vary on;

    #limit_zone crawler $binary_remote_addr
10m;

    # 定义日志格式
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '

                        '$status $body_bytes_sent "$http_referer" '

                        '"$http_user_agent" $http_x_forwarded_for';

    # 定义一个虚拟机
    server

    {

        # 监听端口
        listen       80;

        # 虚拟机名
        server_name klpt-test.domain.com;

        # 如打开的是一个目录,默认的搜索文件的顺序
        index index.html index.htm index.php;

        # 虚拟机指向的路径
        root /data/www/klpt-test.domain.com/webroot;

        # 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
        location / {

            index index.html index.php;

            if (-f $request_filename) {

                break;

            }

            if (!-f $request_filename) {

                rewrite ^/(.+)$ /index.php?url=$1 last;

                break;

            }

        }

        # 配置PHP
        location ~ \.php$ {

            fastcgi_pass   phpfastcgi;

            fastcgi_index index.php;

            fastcgi_param SCRIPT_FILENAME /data/www/klpt-test.domain.com/webroot$fastcgi_script_name;

            include        fastcgi_params;

        }

        # 图片缓存 30 天
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {

            expires      30d;

        }

        

        # js 和 css 缓存 1 小时
        location ~ .*\.(js|css)$ {

            expires     1h;

        }

    }

    server
    {

        # 定义的虚拟机监听端口是 443
        listen       443;

        server_name klpt.domain.com;

        index index.html index.htm index.php;

        root /data/www/klpt.domain.com/webroot;

        

        # 开启 ssl 服务
        # 命令
openssl req -new -x509 -nodes -out klpt-sqladmin.crt -keyout klpt-sqladmin.key
        ssl on;

        ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;

        ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;

        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

        ssl_prefer_server_ciphers   on;

        #limit_conn   crawler
20;
        # 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
        location / {

            index index.html index.php;

            if (-f $request_filename) { 

                break; 

            }

            if (!-f $request_filename) {

                rewrite ^/(.+)$ /index.php?url=$1 last;

                break;

            }

        }

        # php config
        location ~ \.php$ {

            fastcgi_pass   phpfastcgi;

            fastcgi_index index.php;

            fastcgi_param SCRIPT_FILENAME /data/www/klpt.domain.com/webroot$fastcgi_script_name;

            # 开启 https ,需要此配置
            fastcgi_param HTTPS on;

            include        fastcgi_params;

        }

        # 将静态文件缓存 30 天
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {

            expires      30d;

        }

        # log
        access_log /data/log/nginx/nginx_access/nginx_klpt_access.log access;

    }

    # 静态服
    server

    {

        listen       80;

        server_name klpt-static.domain.com;

        index index.html index.htm;

        root /data/www/klpt-static.domain.com;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {

            expires      30d;

        }

    }

    server

    {

        listen       443;

        server_name klpt-sqladmin.domain.com;

        index index.html index.htm index.php;

        root /data/www/klpt-sqladmin.domain.com;

        ssl on;

        ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;

        ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;

        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

        ssl_prefer_server_ciphers   on;

        location ~ \.php$ {

            fastcgi_pass   phpfastcgi;

            fastcgi_index index.php;

            fastcgi_param SCRIPT_FILENAME /data/www/klpt-sqladmin.domain.com$fastcgi_script_name;

            # 开启 https ,需要此配置
            fastcgi_param HTTPS on;

            include        fastcgi_params;

        }

    

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {

            expires      30d;

        }

        access_log /data/log/nginx/nginx_access/nginx_sqladmin_access.log access;

    }
}