在 centOS9 上配置 Nginx 支持 PHP8、Vue3(生产环境)
服务器上/var/web/www目录作为生成环境的目录,在这个目录下又新建设了多个 web 项目。
目录:/var/web/www ├── exampleHome(vue 打包后文件,前端前台),对应域名https://www.example.com ├── exampleAdmin(vue 打包后文件,前端后台),对应域名https://admin.example.com ├── exampleApi(php 后端 laravel 框架),对应域名https://api.example.com
- 开启 gzip 压缩。
- 开启 nginx 上传限制 20 M。
- 支持 HTTPS 协议:需要 SSL 证书。国内各大域名经营商都免费提供。
配置 Nginx
vim /usr/local/nginx/conf/nginx.conf
nginx.conf内容如下:
user www;
worker_processes 2;
error_log /var/log/nginx/error.log error;
pid /usr/local/nginx/logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
# gzip 压缩
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
gzip_min_length 1;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
# nginx 支持上传最大 20M
client_max_body_size 20M;
# 开始配置 支持 vue 前端
server {
listen 80;
server_name example.com;
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
server {
listen 80;
server_name www.example.com;
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
server {
listen 443 ssl;
server_name www.example.com;
root /var/web/www/exampleHome;
index index.html;
charset utf-8;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
ssl_certificate "/usr/local/nginx/cert/example/example.com_bundle.crt";
ssl_certificate_key "/usr/local/nginx/cert/example/example.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.html;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~ /\.env {
deny all;
}
location ~ /\.ht {
deny all;
}
}
# 开始配置 支持 vue
server {
listen 80;
server_name admin.example.com;
rewrite ^(.*)$ https://admin.example.com$1 permanent;
}
server {
listen 443 ssl;
server_name admin.example.com;
root /var/web/www/exampleAdmin;
index index.html;
charset utf-8;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
ssl_certificate "/usr/local/nginx/cert/exampleAdmin/admin.example.com_bundle.crt";
ssl_certificate_key "/usr/local/nginx/cert/exampleAdmin/admin.example.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.html;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~ /\.env {
deny all;
}
location ~ /\.ht {
deny all;
}
}
# 开始配置 支持 PHP 后端
server {
listen 80;
server_name api.example.com;
rewrite ^(.*)$ https://api.example.com$1 permanent;
}
server {
listen 443 ssl;
server_name api.example.com;
root /var/web/www/example/public;
index index.php index.html index.htm;
charset utf-8;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
ssl_certificate "/usr/local/nginx/cert/exampleApi/api.example.com_bundle.crt";
ssl_certificate_key "/usr/local/nginx/cert/exampleApi/api.example.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/nginx/html;
}
location ~ \.php(.*)$ {
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
}
if (!-d $request_filename)
{
rewrite ^/(.+)/$ /$1 permanent;
}
if ($request_uri ~* index/?$)
{
rewrite ^/(.*)/index/?$ /$1 permanent;
}
if (!-e $request_filename)
{
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}
location ~ /\.(?!well-known).* {
deny all;
}
location ~ /\.env {
deny all;
}
location ~ /\.ht {
deny all;
}
}
}
fastcgi.conf 和 fastcgi_params 的区别:
- 对比fastcgi.conf和fastcgi_params不同配置方式,差别一行:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi.conf是 nginx 0.8.30 才引入的。fastcgi_param 指令是数组型的,和普通指令相同的是:内层替换外层;和普通指令不同的是:当在同级多次使用的时候,是新增而不是替换。如果在同级定义两次 SCRIPT_FILENAME,那么它们都会被发送到后端,这可能会导致一些潜在的问题,为了避免此类情况,便引入了一个新的配置文件。
- 应该使用最新的方式:include fastcgi.conf;
fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200;