nginx,apache,tomcat虚拟主机配置及CA证书的配置实例

从头整理一下这些 Web 服务器的虚拟主机配置，免得以后到处找。

1、nginx虚拟主机配置

1)http配置方式

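# Plain-HTTP virtual host for sulao.cn: static files plus a ThinkPHP 5
# application executed by a FastCGI backend on 127.0.0.1:9000.
server {
    listen 80;
    server_name  sulao.cn ;
    root  /data/www/sulao.cn;
    index index.php index.html ;

    # Static assets: allow client-side caching for two hours.
    location ~ .*\.(jpg|jpeg|png|gif|js|css)$ {
        expires 2h;
    }

    # The following rule suits ThinkPHP 5: anything that is not an existing
    # file or directory is routed to the front controller.
    location / {
        if (!-e $request_filename) {
            rewrite  ^(.*)$  /index.php?s=/$1  last;
            break;
        }
    }

    # PHP handler with PATH_INFO support (matches /x.php and /x.php/extra).
    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(.*)$;

        # Refuse to forward a script path that does not exist on disk.
        # Without this check, a URI such as /upload/a.jpg/b.php is passed on
        # and, with PHP's cgi.fix_pathinfo enabled, a non-PHP file could be
        # interpreted as a script. The check assumes nginx and the FastCGI
        # backend see the same filesystem (the backend here is on localhost).
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include  fastcgi_params;
    }
}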

2)https配置方式

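# HTTPS virtual host for sulao.cn with hotlink protection, two User-Agent
# filters and a PHP FastCGI handler.
# NOTE(review): this block sets no `root`, so $document_root below depends on
# an inherited or default root - confirm against the enclosing http{} context.
server {
    # `listen ... ssl` replaces the deprecated standalone `ssl on;` directive.
    listen 443 ssl;
    server_name    sulao.cn;
    ssl_certificate   sslkey/214796740620600.pem; # certificate chain
    # Private key: keep the file readable only by the account that starts nginx.
    ssl_certificate_key  sslkey/214796740620600.key; # private key
    ssl_session_timeout 5m;
    # NOTE(review): the AES and HIGH keywords also admit CBC and static-RSA
    # suites; consider an explicit ECDHE + AEAD list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered here.
    # Append TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Static assets: one-day client cache plus Referer-based hotlink filtering.
    # Referer is supplied by the client, so this deters hotlinking but is not
    # an access control.
    location ~ .*\.(jpg|jpeg|png|gif|js|css)$ {
        expires 1d;
        valid_referers none blocked sulao.cn *.sulao.cn *.google.com *.baidu.com *.so.com *.haosou.com;
        if ($invalid_referer) {
            return 404;
        }
    }

    # Block crawlers by User-Agent. The header is client-controlled, so this
    # only filters clients that identify themselves honestly.
    if ($http_user_agent ~ must-revalidate) {
        return 403;
    }
    # Block crawlers by User-Agent (same caveat as above).
    if ($http_user_agent ~ "Bench") {
        return 404;
    }

    # PHP handler with PATH_INFO support (matches /x.php and /x.php/extra).
    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(.*)$;

        # Refuse to forward a script path that does not exist on disk, so a
        # URI like /upload/a.jpg/b.php cannot make PHP (cgi.fix_pathinfo)
        # interpret a non-PHP file. Assumes nginx and the FastCGI backend see
        # the same filesystem (the backend here is on localhost).
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}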

3)负载均衡配置

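# Backend pool for the load-balanced site: two local application instances
# with equal weight. The pool name is what `proxy_pass http://sulao.cn;`
# refers to; it is an upstream label, not a DNS lookup.
upstream sulao.cn {
    # Session affinity by client address. The directive is spelled `ip_hash`;
    # the original `iphash` is not an nginx directive and fails the config test.
    ip_hash;
    server 127.0.0.1:5001 weight=1;
    server 127.0.0.1:5002 weight=1;
}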
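# TLS-terminating reverse proxy for www.sulao.cn / sulao.cn; requests are
# forwarded over plain HTTP to the `sulao.cn` upstream pool.
server {
    # `listen ... ssl` replaces the deprecated standalone `ssl on;` directive.
    listen 443 ssl;
    server_name  www.sulao.cn  sulao.cn;
    ssl_certificate   sslkey/214796740620600.pem; # certificate chain
    # Private key: keep the file readable only by the account that starts nginx.
    ssl_certificate_key  sslkey/214796740620600.key; # private key
    ssl_session_timeout 5m;
    # NOTE(review): the AES and HIGH keywords also admit CBC and static-RSA
    # suites; consider an explicit ECDHE + AEAD list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered here.
    # Append TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # User-Agent filters. The header is client-controlled, so these only stop
    # clients that identify themselves honestly.
    if ($http_user_agent ~ must-revalidate) {
        return 403;
    }
    if ($http_user_agent ~ "Bench") {
        return 404;
    }

    location / {
        proxy_pass http://sulao.cn;
        #include naproxy.conf;

        # Timeouts and buffering for the backend connection.
        proxy_connect_timeout 30s;
        proxy_send_timeout   90;
        proxy_read_timeout   90;
        proxy_buffer_size    32k;
        proxy_buffers     4 32k;
        proxy_busy_buffers_size 64k;
        proxy_redirect     off;
        proxy_hide_header  Vary;

        # An empty Accept-Encoding asks the backend for uncompressed responses.
        proxy_set_header   Accept-Encoding '';
        proxy_set_header   Host   $host;
        proxy_set_header   Referer $http_referer;
        proxy_set_header   Cookie $http_cookie;

        # X-Real-IP carries the address nginx itself observed.
        # $proxy_add_x_forwarded_for appends that address to whatever
        # X-Forwarded-For the client sent, so backends should trust only the
        # last entry (or X-Real-IP) when logging or making access decisions.
        proxy_set_header   X-Real-IP  $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}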

2、apache虚拟主机配置

1)http配置

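# Plain-HTTP virtual host for www.sulao.cn (alias sulao.cn).
<VirtualHost *:80>
  #ServerAdmin admin@example.com
  DocumentRoot "/data/www/sulao.cn"
  ServerName www.sulao.cn
  ServerAlias sulao.cn
  ErrorLog "/data/logs/sulao.cn_error.log"
  CustomLog "/data/logs/sulao.cn_access.log" common
  <Directory "/data/www/sulao.cn">
    SetOutputFilter DEFLATE
    # NOTE(review): ExecCGI permits CGI execution anywhere under the document
    # root; drop it unless the site really runs CGI scripts from here.
    Options FollowSymLinks ExecCGI
    # Apache 2.4 access control. The 2.2-style `Order allow,deny` /
    # `Allow from all` pair was removed: it duplicated this rule, depends on
    # mod_access_compat, and mixing the two syntaxes is discouraged.
    Require all granted
    # AllowOverride All lets any .htaccess file under this tree change the
    # configuration, so write access to the document root should be limited.
    AllowOverride All
    DirectoryIndex index.html index.php
  </Directory>
</VirtualHost>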

2)https配置

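# Server-wide mod_ssl settings shared by every HTTPS virtual host.
Listen 443

# Stray trailing ';' removed: Apache directives are not semicolon-terminated.
# NOTE(review): the list starts from ALL and narrows it by exclusion; an
# explicit ECDHE + AES-GCM list is easier to audit.
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so they are disabled alongside
# SSLv2/SSLv3 for inbound connections.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Applies to outbound (proxy) connections; left as published.
# NOTE(review): tighten in the same way once the backends are known to
# support TLS 1.2.
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300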

# HTTPS virtual host for www.sulao.cn (alias sulao.cn).
<VirtualHost _default_:443>
    ServerName www.sulao.cn
    ServerAlias sulao.cn
    DocumentRoot "/data/www/sulao.cn"

    # Per-site logs.
    ErrorLog /data/logs/sulao.cn-error_log
    CustomLog /data/logs/sulao.cn-access_log common

    # TLS: server certificate, its private key and the intermediate chain.
    # Keep the key file readable only by the account that starts httpd.
    # NOTE(review): SSLCertificateChainFile is deprecated since httpd 2.4.8;
    # on such versions the chain can be appended to SSLCertificateFile instead.
    SSLEngine on
    SSLCertificateFile "conf/sslkey/public.pem"
    SSLCertificateKeyFile "conf/sslkey/213975986750343.key"
    SSLCertificateChainFile "conf/sslkey/chain.pem"
</VirtualHost>

3、tomcat虚拟主机配置

1)http配置

<!-- Tomcat virtual host for www.sulao.cn. The application base is
     /data/www/sulao.cn and the root context (path="") is served from it.
     NOTE(review): autoDeploy="true" makes Tomcat deploy whatever appears
     under appBase while running; on production hosts this is normally turned
     off and write access to appBase is restricted.
     NOTE(review): the debug attribute and the Logger element look like
     legacy Tomcat syntax; confirm against the Tomcat version in use. -->
<Host
    name="www.sulao.cn"
    debug="0"
    appBase="/data/www/sulao.cn"
    unpackWARs="true"
    autoDeploy="true">
    <Context path="" docBase="."/>
    <!-- Access log in the "common" pattern, written to logs/sulao.cn_access_log.*.txt -->
    <Valve
        className="org.apache.catalina.valves.AccessLogValve"
        directory="logs"
        prefix="sulao.cn_access_log."
        suffix=".txt"
        pattern="common"
        resolveHosts="false"/>
    <!-- Per-host application log, written to logs/sulao.cn_log.*.txt -->
    <Logger
        className="org.apache.catalina.logger.FileLogger"
        directory="logs"
        prefix="sulao.cn_log."
        suffix=".txt"
        timestamp="true"/>
</Host>

2)https配置

    <Connector port="443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/214300102730343.pfx"
    keystoreType="PKCS12"
    keystorePass="214300102730343"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

整理完毕。。。

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://sulao.cn/post/500.html
