50x和40x配置

error_page 500 502 503 504 /50x.html;
location = /50x.html {root html;
}error_page 404 /404.html;
location = /404.html {root html;
}

URL重写配置(例如隐藏)

location / {if (!-e $request_filename) {rewrite ^(.*)$ /index.php?s=/$1 last;break;}index index.html;try_files $uri $uri/ /index.html last;
}

禁止访问文件或目录配置

location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) {return 404;
}

禁止脚本执行配置

location ~ ^/(uploads|assets)/.*\.(php|php5|jsp)$ {deny all;
}

请求此类文件时进行下载而不是预览

location ~ .*\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$ {add_header Content-Disposition attachment;
}

缓存js和css配置

location ~ .*\.(js|css)?$ {expires 12h;error_log /dev/null;access_log /dev/null;
}

缓存图片配置

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {expires 30d;error_log /dev/null;access_log /dev/null;
}

防盗链配置

location ~ .*\.(jpg|jpeg|gif|png|js|css)$ {expires 30d;access_log /dev/null;valid_referers asynctp.com;if ($invalid_referer){return 404;}
}

php配置(unix domain socket方式)

location ~ [^/]\.php(/|$) {root root;#try_files $uri =404;fastcgi_index index.php;fastcgi_pass unix:/tmp/php/var/run/php-fpm.sock;#pathinfo给fastcgi权限 可支持?s=/module/controller/action的url访问模式fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param PATH_INFO $fastcgi_path_info;fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;include fastcgi_params;
}

跨域CORS配置

location / {#可接受来源add_header 'Access-Control-Allow-Origin' '*' always;#跨域支持的请求类型 ',OPTIONS,GET,POST,PUT,DELETE'add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS' always;#是否允许发送Cookieadd_header 'Access-Control-Allow-Credentials' 'true' always;#跨域请求允许Header头可添加多个 如If-Modified-Sinceadd_header 'Access-Control-Allow-Headers' 'If-Modified-Since' always;#缓存时间(秒)add_header 'Access-Control-Max-Age' '1728000' always;#预检请求处理if ($request_method = 'OPTIONS') {add_header 'Content-Length' '0';return 204;}
}

SSl配置

server {listen 80 443 ssl;http2 on;server_name _;#强制httpsif ($server_port !~ 443) {rewrite ^(/.*)$ https://$host$1 permanent;}ssl_certificate vhost/cert/server_name.pem;ssl_certificate_key vhost/cert/server_name.key;ssl_protocols TLSv1.3;ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;ssl_prefer_server_ciphers on;ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;add_header Strict-Transport-Security "max-age=31536000";error_page 497 https://$host$request_uri;
}