这是一个配置模板我现在正在使用:
server {
server_name {:primaryDomain};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{:primaryDomain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{:primaryDomain}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root {:siteRoot};
index index.php index.html;
recursive_error_pages off;
error_page 403 = /HTTP_ERRORS/403.html;
error_page 404 = /HTTP_ERRORS/404.html;
error_page 500 = /HTTP_ERRORS/500.html;
location ^~ /HTTP_ERRORS/ {
alias {:sharedHtmlRoot}/;
internal;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /manage {
root {:siteRoot}/manage;
try_files $uri $uri/ /manage/index.php?$query_string;
}
location ~* .php$ {
fastcgi_pass unix:/run/php/php{:phpVer}-fpm-{:user}.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location /assets/ {
alias /public/assets/;
}
}
server {
server_name {:primaryDomain} www.{:primaryDomain};
listen 80;
return 301 https://{:primaryDomain}$request_uri;
}
server {
server_name www.{:primaryDomain};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{:primaryDomain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{:primaryDomain}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
return 301 https://{:primaryDomain}$request_uri;
}
注意{:keywords}。这些是我用生成nginx最终配置的脚本替换的字符串。它工作得很好,但是我有大约300个网站,脚本将使用这个模板生成300个这样的配置,所以最终的nginx .conf文件相当大。我可以使用一个单一的nginx配置为所有网站不知何故?
这是一个all in one配置,我已经验证了nginx/1.18.0,但仍然需要生成一个域列表文件/etc/nginx/mydomains
/etc/nginx/sites-enabled/default
map $http_host $vhost_config {
hostnames;
default "";
include /etc/nginx/mydomains;
}
map $vhost_config $vhost_root {
default "";
~^([^:]+):([^:]+):([^:]+)$ $1;
}
map $vhost_config $php_version {
default "";
~^([^:]+):([^:]+):([^:]+)$ $2;
}
map $vhost_config $php_user {
default "";
~^([^:]+):([^:]+):([^:]+)$ $3;
}
map $ssl_server_name $my_cert_name {
default "";
~^(www.)?(.+)$ $2;
}
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/$my_cert_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$my_cert_name/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
server_name ~^(?<www>(www.)?)(?<domain>.+)$;
recursive_error_pages off;
error_page 403 = /HTTP_ERRORS/403.html;
error_page 404 = /HTTP_ERRORS/404.html;
error_page 500 = /HTTP_ERRORS/500.html;
location ^~ /HTTP_ERRORS/ {
alias {:sharedHtmlRoot}/;
internal;
}
# redirect www.abc.com to abc.com
if ($www != '') {
return 301 https://$domain$request_uri;
}
# redirect http to https
if ($scheme = 'http') {
return 301 https://$domain$request_uri;
}
# if domain not exist in mydomains, return 404
if ($vhost_root = '') {
return 404;
}
root $vhost_root;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /manage {
root $vhost_root/manage;
try_files $uri $uri/ /manage/index.php?$query_string;
}
location ~* .php$ {
fastcgi_pass unix:/run/php/php$php_version-fpm-$php_user.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location /assets/ {
alias /public/assets/;
}
}
/etc/nginx/mydomains的含量
# domain.name "<site root>:<php version>:<php user>";
abc.com "/var/www/html/abc:7.4:user1";
efg.com "/var/www/html/efg:7.0:user2";
指出
- Nginx从
1.15.9开始支持在ssl_certificate指令中使用变量,$ssl_server_name是在nginx/1.70中引入的。由于http变量$http_host在https连接建立之前不会初始化,因此$ssl_server_name在此配置中不可替换。 - 你可以将
server块中的{:sharedHtmlRoot}替换为你的真实路径。 - all in one
server块被声明为默认块,如果在你的nginx配置中已经有一个默认的服务器块,你需要覆盖旧的。