nginx,apache,tomcat虚拟主机配置及CA证书的配置实例

从头整理一下这些 Web 服务器的虚拟主机配置,免得以后到处找。

我们还是先把nginx配置贴出来

# Main nginx.conf: worker identity, event model and http-level defaults that apply to
# every virtual host loaded from vhost/*.conf at the end of the http block.
# Worker processes run as the unprivileged www user and group.
user  www www;
worker_processes  1;
# All error_log lines are commented out, so nginx falls back to its built-in default
# error log location and level.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
pid        logs/nginx.pid;
events {
    worker_connections  1024;
    multi_accept on; 
    use epoll; 
}
http {
    include       mime.types;
    default_type  application/octet-stream;

    # NOTE(review): server_tokens is not set anywhere in this file, so the nginx version
    # is disclosed in the Server header and on error pages (the default is "on").

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log is commented out too; the built-in default access log stays in effect.
    # Keep it enabled: it is the main record for investigating abuse of the vhosts.
    #access_log  logs/access.log  main;

	# 30-second header/body timeouts bound how long a slow client can hold a connection.
	client_header_timeout 30; 
	client_body_timeout 30;
	# Request bodies up to 128 MB are accepted by every vhost that does not override this.
	# NOTE(review): consider a smaller default and raising it only on upload locations.
	client_max_body_size 128m;
	reset_timedout_connection on;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  30;
	
	send_timeout 30;
	# Per-client connection cap: a 5 MB shared zone keyed by the binary client address,
	# with at most 100 concurrent connections per address. Clients behind one NAT
	# address share that budget.
	limit_conn_zone $binary_remote_addr zone=addr:5m; 
	limit_conn addr 100;

	# FastCGI (PHP) backends get up to 300 seconds to connect, receive and answer;
	# a stalled backend therefore ties up a client connection for that long.
	fastcgi_connect_timeout 300;
	fastcgi_send_timeout 300;
	fastcgi_read_timeout 300;

	fastcgi_buffer_size 128k;
	fastcgi_buffers 4 256k;
	fastcgi_busy_buffers_size 256k;

	# Response compression at the highest level (9), for bodies of at least 1k.
	gzip on;
	gzip_min_length 1k;
	gzip_buffers 16 64k;
	gzip_http_version 1.1;
	gzip_comp_level 9;
	gzip_types text/plain application/x-javascript text/css application/xml application/x-httpd-php;
	gzip_vary on;

	proxy_buffer_size 128k;
	proxy_buffers 32 32k;
	proxy_busy_buffers_size 128k;

	# Cache of open file descriptors and lookup errors for frequently used files.
	open_file_cache max=100000 inactive=30s; 
	open_file_cache_valid 60s; 
	open_file_cache_min_uses 2; 
	open_file_cache_errors on;

# Every *.conf file in vhost/ is loaded into the http context, so write access to that
# directory is equivalent to control over the server configuration.
include vhost/*.conf;

}

1、nginx虚拟主机配置

1)http配置方式

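# Plain-HTTP virtual host for sulao.cn: static assets, a ThinkPHP 5 front-controller
# rewrite, and PHP handed to a FastCGI backend on 127.0.0.1:9000.
server {
    listen 80;
    server_name  sulao.cn ;
    root  /data/www/sulao.cn;
    index index.php index.html ;

    # Static assets may be cached by the browser for two hours.
    location ~ .*\.(jpg|jpeg|png|gif|js|css)$ {
        expires 2h;
    }

    # The following rewrite suits ThinkPHP 5: anything that is not an existing file or
    # directory is routed to index.php with the original path in the "s" parameter.
    location / {
        if (!-e $request_filename) {
            rewrite  ^(.*)$  /index.php?s=/$1  last;
            break;
        }
    }

    location ~ \.php(/|$) {
        # Non-greedy split: the script is the shortest prefix ending in ".php", and the
        # rest (starting at "/") becomes PATH_INFO.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Only hand the request to PHP when the script part names a real file under the
        # document root. Without this check, a URI that merely ends in ".php" can make
        # the PHP backend fall back to a different file (cgi.fix_pathinfo behaviour),
        # which puts uploaded content at risk of being run as code.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include  fastcgi_params;
    }
}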

2)https配置方式

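# HTTPS virtual host for sulao.cn: TLS termination, a Referer-based hotlink filter for
# static assets, two User-Agent filters, and PHP handed to FastCGI on 127.0.0.1:9000.
server {
    # "listen ... ssl" replaces the separate "ssl on;" switch, which is deprecated and
    # no longer accepted by newer nginx releases.
    listen 443 ssl;
    server_name    sulao.cn;

    # Same document root and index as the HTTP vhost. Without a root here,
    # $document_root falls back to nginx's default "html" directory and
    # SCRIPT_FILENAME below would point there.
    root  /data/www/sulao.cn;
    index index.php index.html ;

    ssl_certificate   sslkey/214796740620600.pem; # certificate chain
    ssl_certificate_key  sslkey/214796740620600.key; # private key; limit read access to the account that starts nginx
    ssl_session_timeout 5m;
    # NOTE(review): this list still admits CBC suites and static-RSA key exchange (via
    # AES/HIGH); check the effective result with "openssl ciphers -v" before relying on it.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated and dropped here. Append TLSv1.3 when the nginx
    # build and its OpenSSL library support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Static assets: cache for one day and refuse requests whose Referer is not on the
    # allow list. Referer is supplied by the client, so this only discourages
    # hotlinking; it is not an access control.
    location ~ .*\.(jpg|jpeg|png|gif|js|css)$ {
        expires 1d;
        valid_referers none blocked sulao.cn *.sulao.cn *.google.com *.baidu.com *.so.com *.haosou.com;
        if ($invalid_referer) {
            return 404;
        }
    }

    # Block crawlers by User-Agent. The header is client-controlled, so this filters
    # only clients that identify themselves honestly.
    if ($http_user_agent ~ must-revalidate) {
        return 403;
    }
    # Block crawlers / benchmark tools by User-Agent.
    if ($http_user_agent ~ "Bench") {
        return 404;
    }

    location ~ \.php(/|$) {
        # Non-greedy split: the script is the shortest prefix ending in ".php", and the
        # rest (starting at "/") becomes PATH_INFO.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Only hand the request to PHP when the script part names a real file under the
        # document root. Without this check, a URI that merely ends in ".php" can make
        # the PHP backend fall back to a different file (cgi.fix_pathinfo behaviour),
        # which puts uploaded content at risk of being run as code.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}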

3)负载均衡配置

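# Backend pool referenced by "proxy_pass http://sulao.cn": two local application
# instances with equal weight.
upstream sulao.cn {
    server 127.0.0.1:5001 weight=1;
    server 127.0.0.1:5002 weight=1;
    # The directive is spelled "ip_hash"; "iphash" is not a known directive and makes
    # nginx refuse the configuration. It pins each client address to one backend.
    ip_hash;
}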
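# HTTPS front end for www.sulao.cn / sulao.cn: terminates TLS and proxies every
# request to the "sulao.cn" upstream pool over plain HTTP.
server {
    # "listen ... ssl" replaces the separate "ssl on;" switch, which is deprecated and
    # no longer accepted by newer nginx releases.
    listen 443 ssl;
    server_name  www.sulao.cn  sulao.cn;
    ssl_certificate   sslkey/214796740620600.pem; # certificate chain
    ssl_certificate_key  sslkey/214796740620600.key; # private key; limit read access to the account that starts nginx
    ssl_session_timeout 5m;
    # NOTE(review): this list still admits CBC suites and static-RSA key exchange (via
    # AES/HIGH); check the effective result with "openssl ciphers -v" before relying on it.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLS 1.0 and 1.1 are deprecated and dropped here. Append TLSv1.3 when the nginx
    # build and its OpenSSL library support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # User-Agent filters; the header is client-controlled, so these stop only clients
    # that identify themselves honestly.
    if ($http_user_agent ~ must-revalidate) {
        return 403;
    }
    if ($http_user_agent ~ "Bench") {
        return 404;
    }

    location / {
        proxy_pass http://sulao.cn;
        #include naproxy.conf;
        proxy_connect_timeout 30s;
        proxy_send_timeout   90;
        proxy_read_timeout   90;
        proxy_buffer_size    32k;
        proxy_buffers     4 32k;
        proxy_busy_buffers_size 64k;
        proxy_redirect     off;
        proxy_hide_header  Vary;
        # An empty Accept-Encoding asks the backend for uncompressed responses.
        proxy_set_header   Accept-Encoding '';
        proxy_set_header   Host   $host;
        proxy_set_header   Referer $http_referer;
        proxy_set_header   Cookie $http_cookie;
        # X-Real-IP carries the address nginx saw. X-Forwarded-For is the client's own
        # header with that address appended, so the backend should trust only the
        # last entry (or X-Real-IP) when it logs or makes decisions by client address.
        proxy_set_header   X-Real-IP  $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): no header tells the backend that the original request used
        # HTTPS; confirm the application does not need one to build secure URLs.
    }
}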

2、apache虚拟主机配置

1)http配置

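# Plain-HTTP virtual host for www.sulao.cn (alias sulao.cn) served from /data/www/sulao.cn.
<VirtualHost *:80>
  #ServerAdmin admin@example.com
  DocumentRoot "/data/www/sulao.cn"
  ServerName www.sulao.cn
  ServerAlias sulao.cn
  ErrorLog "/data/logs/sulao.cn_error.log"
  CustomLog "/data/logs/sulao.cn_access.log" common
  <Directory "/data/www/sulao.cn">
    SetOutputFilter DEFLATE
    # ExecCGI allows CGI execution under the document root, and AllowOverride All lets
    # any .htaccess file in the tree change how content is handled, so write access to
    # this directory amounts to control over what the server executes.
    # NOTE(review): drop ExecCGI unless the PHP handler in use requires it, and narrow
    # AllowOverride to the directive classes the application actually needs.
    Options FollowSymLinks ExecCGI
    AllowOverride All
    # Apache 2.4 access control. The 2.2-style "Order allow,deny" / "Allow from all"
    # pair was removed: it expressed the same policy, depends on mod_access_compat,
    # and mixing it with Require is discouraged.
    Require all granted
    DirectoryIndex index.html index.php
  </Directory>
</VirtualHost>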

2)https配置

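# Server-wide mod_ssl settings shared by every TLS virtual host.
Listen 443

# The trailing ";" was removed: Apache directives are not terminated with a semicolon,
# so it became part of the last cipher token ("!eNULL;").
# NOTE(review): "ALL" still admits CBC suites and static-RSA key exchange; check the
# effective list with "openssl ciphers -v" before relying on it.
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL
# Applies to outbound connections made by mod_proxy, not to clients of this server.
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
# TLS 1.0 and 1.1 are deprecated, so they are disabled along with SSLv2/SSLv3.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# NOTE(review): outbound proxy connections still allow TLS 1.0/1.1; tighten this too
# if every backend supports TLS 1.2.
SSLProxyProtocol all -SSLv3
# "builtin" prompts on the terminal at startup when a private key is pass-phrase protected.
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300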

# TLS virtual host for www.sulao.cn (alias sulao.cn); _default_ makes it answer on
# port 443 for any address that has no more specific virtual host.
<VirtualHost _default_:443>
    DocumentRoot "/data/www/sulao.cn"
    ServerName www.sulao.cn
    ServerAlias sulao.cn
    ErrorLog /data/logs/sulao.cn-error_log
    CustomLog /data/logs/sulao.cn-access_log common
    SSLEngine on
    # Server certificate, its private key, and the intermediate chain. The key file
    # should be readable only by the account that starts Apache.
    # NOTE(review): newer 2.4 releases accept the chain inside SSLCertificateFile and
    # treat SSLCertificateChainFile as deprecated; confirm against the installed version.
    SSLCertificateFile "conf/sslkey/public.pem"
    SSLCertificateKeyFile "conf/sslkey/213975986750343.key"
    SSLCertificateChainFile "conf/sslkey/chain.pem"
</VirtualHost>

3、tomcat虚拟主机配置

1)http配置

<!-- Virtual host www.sulao.cn: applications are deployed from /data/www/sulao.cn and
     the root context (path="") is served from that same directory (docBase=".").
     unpackWARs and autoDeploy are both on, so archives or directories placed in
     appBase are expanded and deployed while Tomcat runs; write access to that
     directory therefore amounts to deploying code.
     NOTE(review): the debug attribute and the Logger element come from old Tomcat
     releases; confirm the target version still accepts them. -->
<Host name="www.sulao.cn" debug="0" appBase="/data/www/sulao.cn" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="."/>       
    <!-- Access log in "common" format, written to logs/sulao.cn_access_log.*.txt without reverse DNS lookups. -->
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"  prefix="sulao.cn_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
    <Logger className="org.apache.catalina.logger.FileLogger" directory="logs"  prefix="sulao.cn_log." suffix=".txt" timestamp="true"/>
</Host>

2)https配置

    <!-- HTTPS connector on port 443 using a PKCS12 keystore; client certificates are
         not requested (clientAuth="false").
         The keystore password is stored here in clear text and repeats the number in
         the keystore file name, so read access to server.xml and to the .pfx file
         must be limited to the Tomcat account, and a password that has been
         published together with the configuration should be replaced.
         NOTE(review): the protocol list still enables TLSv1 and TLSv1.1, which are
         deprecated. Every listed suite is CBC-mode and four of the six use static
         RSA key exchange (TLS_RSA_*), which gives no forward secrecy; prefer ECDHE
         suites with AES-GCM where the Java runtime supports them.
         NOTE(review): which protocol attribute is honoured depends on the connector
         implementation in use; confirm the setting takes effect on the target version. -->
    <Connector port="443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/214300102730343.pfx"
    keystoreType="PKCS12"
    keystorePass="214300102730343"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

整理完毕。。。

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://sulao.cn/post/500.html
