在 centOS9 上配置 Nginx 支持 PHP8、Vue3(生产环境)
服务器上/var/web/www目录作为生成环境的目录,在这个目录下又新建设了多个 web 项目。
目录:/var/web/www ├── exampleHome(vue 打包后文件,前端前台),对应域名https://www.example.com ├── exampleAdmin(vue 打包后文件,前端后台),对应域名https://admin.example.com ├── exampleApi(php 后端 laravel 框架),对应域名https://api.example.com
- 开启 gzip 压缩。
- 开启 nginx 上传限制 20 M。
- 支持 HTTPS 协议:需要 SSL 证书。国内各大域名经营商都免费提供。
配置 Nginx
vim /usr/local/nginx/conf/nginx.conf
nginx.conf内容如下:
user www; worker_processes 2; error_log /var/log/nginx/error.log error; pid /usr/local/nginx/logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; # gzip 压缩 gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 3; gzip_proxied any; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png; gzip_min_length 1; gzip_buffers 16 8k; gzip_disable "MSIE [1-6].(?!.*SV1)"; # nginx 支持上传最大 20M client_max_body_size 20M; # 开始配置 支持 vue 前端 server { listen 80; server_name example.com; rewrite ^(.*)$ https://www.example.com$1 permanent; } server { listen 80; server_name www.example.com; rewrite ^(.*)$ https://www.example.com$1 permanent; } server { listen 443 ssl; server_name www.example.com; root /var/web/www/exampleHome; index index.html; charset utf-8; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; ssl_certificate "/usr/local/nginx/cert/example/example.com_bundle.crt"; ssl_certificate_key "/usr/local/nginx/cert/example/example.com.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ /index.html; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/nginx/html; } location ~ /\.(?!well-known).* { deny all; } location ~ /\.env { deny all; } location ~ /\.ht { deny all; } } # 开始配置 支持 vue server { listen 80; server_name admin.example.com; rewrite ^(.*)$ https://admin.example.com$1 permanent; } server { listen 443 ssl; server_name admin.example.com; root /var/web/www/exampleAdmin; index index.html; charset utf-8; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; ssl_certificate "/usr/local/nginx/cert/exampleAdmin/admin.example.com_bundle.crt"; ssl_certificate_key "/usr/local/nginx/cert/exampleAdmin/admin.example.com.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ /index.html; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/nginx/html; } location ~ /\.(?!well-known).* { deny all; } location ~ /\.env { deny all; } location ~ /\.ht { deny all; } } # 开始配置 支持 PHP 后端 server { listen 80; server_name api.example.com; rewrite ^(.*)$ https://api.example.com$1 permanent; } server { listen 443 ssl; server_name api.example.com; root /var/web/www/example/public; index index.php index.html index.htm; charset utf-8; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; ssl_certificate "/usr/local/nginx/cert/exampleApi/api.example.com_bundle.crt"; ssl_certificate_key "/usr/local/nginx/cert/exampleApi/api.example.com.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/nginx/html; } location ~ \.php(.*)$ { include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; } if (!-d $request_filename) { rewrite ^/(.+)/$ /$1 permanent; } if ($request_uri ~* index/?$) { rewrite ^/(.*)/index/?$ /$1 permanent; } if (!-e $request_filename) { rewrite ^/(.*)$ /index.php?/$1 last; break; } location ~ /\.(?!well-known).* { deny all; } location ~ /\.env { deny all; } location ~ /\.ht { deny all; } } }
fastcgi.conf 和 fastcgi_params 的区别:
- 对比fastcgi.conf和fastcgi_params不同配置方式,差别一行:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi.conf是 nginx 0.8.30 才引入的。fastcgi_param 指令是数组型的,和普通指令相同的是:内层替换外层;和普通指令不同的是:当在同级多次使用的时候,是新增而不是替换。如果在同级定义两次 SCRIPT_FILENAME,那么它们都会被发送到后端,这可能会导致一些潜在的问题,为了避免此类情况,便引入了一个新的配置文件。
- 应该使用最新的方式:include fastcgi.conf;
fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;