nginx配置
ssl的配置
ssl on;
ssl_certificate /usr/local/nginx/ssl.crt;
ssl_certificate_key /usr/local/nginx/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
配置thinkphp项目的过滤
set $str &$query_string;
if ($str ~* "&(g|m|a)=[^&]{0,}[^a-zA-Z0-9_&]") {
return 403;
}
if ($str ~* "&(g|m|a)=[^&]{30,}") {
return 403;
}
if ($str ~* "\.\.") {
return 403;
}
if ($str ~* "(\./\.|\.\\\.)") {
return 403;
}
if ($str ~* "&templateFile=") {
return 403;
}
http {
server {
listen 80;
include conf/filter_thinkphp;
location ~ \.php$ {
root "E:/wamp/www";
if (!-e $request_filename) {return 403;}
if ($request_filename ~* "\.(zip|gz|rar|sql|gitignore|git|htaccess)$") {return 403;}
if ($fastcgi_script_name !~* "^/(index\.php|admin\.php)$") {return 403;}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include conf/fastcgi_params;
fastcgi_connect_timeout 75;
fastcgi_send_timeout 300;
fastcgi_read_timeout 600;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 64k;}
location / {
root "E:/wamp/www";
index index.php;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?$1 last;}
location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;}
location ~ \.(js|css)$ {
expires 10d;}}}
}
配置二级目录的laravel项目
http {
server {
listen 80;
location = /kf2 {
rewrite ^/kf2$ /kf2/ redirect;}
location /kf2/ {
root "E:\wamp\www\laravle\public";set $web_pre /kf2;
index index.php;
set $real_uri $uri;if ( $uri ~ /kf2/(.*)$ ) {set $real_uri $1;}
if ( $real_uri ~ \.(gif|jpg|jpeg|png|bmp|swf|js|css|wmv|ogg|woff2|woff|ttf|html|eot|mp4|ico)$ ) {
rewrite .* /$real_uri break;
expires 30d;break;}
fastcgi_index index.php;set $real_uri index.php;
include conf/fastcgi_params;set $fastcgi_script_name_real /$real_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name_real;
fastcgi_param SCRIPT_NAME $web_pre/$real_uri;
fastcgi_param DOCUMENT_URI $web_pre/$real_uri;
fastcgi_connect_timeout 75;
fastcgi_send_timeout 300;
fastcgi_read_timeout 100;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 64k;if ( $real_uri ) {
fastcgi_pass 127.0.0.1:9000;break;}return 404;}}
}
配置二级目录的 thinkphp 项目
http {
server {
listen 8290;
ssl_certificate conf/ssl/ssl.crt;
ssl_certificate_key conf/ssl/ssl.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name _;
client_max_body_size 100M;
client_body_timeout 1m;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
root "E:/YS/wamp/www/GIT";
index index.html index.htm index.php;
error_log logs/error.8290.log info;
location = /50x.html {
root html;}
include conf/denied.files.ys;
include conf/filter.thinkphp.ys;
location ~ \.php$ {if ($fastcgi_script_name !~* "^/[\/a-zA-Z0-9_-]+\.php$") {return 403;}
fastcgi_pass 127.0.0.1:9003;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include conf/fastcgi_params;
fastcgi_connect_timeout 75;
fastcgi_send_timeout 300;
fastcgi_read_timeout 600;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 64k;}
location /king/ {
if (!-e $request_filename) {
rewrite ^/king/index.php(.*)$ /king/index.php?s=$1 last;
rewrite ^/king/(.*)$ /king/index.php?s=$1 last;}}}
}
laravel 过滤url的配置
location ~ \.(gif|jpg|jpeg|png|bmp|swf|js|css|wmv|ogg|woff2|woff|ttf|html|eot|mp4|ico|otf)$ {
expires 30d;break;
}
location ~ \.\. {return 401;
}
location ~ [^0-9a-zA-Z\./-_] {return 402;
}
location / {
index index.php;
fastcgi_index index.php;set $real_uri index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
set $fastcgi_script_name_real /$real_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name_real;
fastcgi_param SCRIPT_NAME /$real_uri;
fastcgi_param DOCUMENT_URI /$real_uri;
fastcgi_connect_timeout 75;
fastcgi_send_timeout 300;
fastcgi_read_timeout 100;
fastcgi_buffer_size 64k;
fastcgi_buffers 8 64k;
fastcgi_pass 127.0.0.1:9004;break;
}
upstream demo{
server 127.0.0.1:8306;
server 127.0.0.1:8307;
}
server {
listen 8305;
server_name _;
client_max_body_size 100M;
client_body_timeout 1m;
error_log logs/error.8305.log info;
location / {
proxy_pass http:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Prefix /;
}
location /test/ {
proxy_pass http:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Prefix /test/;
}
}
server {
listen 8306;
server_name _;
client_max_body_size 100M;
client_body_timeout 1m;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
root "E:\YS\wamp\www\GIT\demo\public";
error_log logs/error.8306.log info;
location = /50x.html {
root html;}
include conf/filter.laravel.ys;
}
server {
listen 8307;
server_name _;
client_max_body_size 100M;
client_body_timeout 1m;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
root "E:\YS\wamp\www\GIT\demo\public";
error_log logs/error.8307.log info;
location = /50x.html {
root html;}
include conf/filter.laravel.ys;
}
<?php
namespace App\Http\Middleware;
use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;
class TrustProxies extends Middleware
{
protected $proxies = [
protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB | Request::HEADER_X_FORWARDED_PREFIX;
}