 
      
    Nginx
- 37 ответов
- 0 вопросов
    23
    Вклад в тег
    
      
      
    
  
  
 
  
   
  
  1. Постоянный редирект с / на index.phplocation = / { rewrite ^ $scheme://$host/index.php permanent; } location / { deny all; return 404; } location ~* ^/index\.php$ { try_files $uri $uri/ =404; fastcgi_index index.php; fastcgi_pass php5-fpm-sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; }
$host
в порядке приоритета: имя хоста из строки запроса, или имя хоста из поля “Host” заголовка запроса, или имя сервера, соответствующего запросу
...
        error_page 404 = @cms;
        location / {
            try_files /NONEXISTENTFILE @cms;
        }
        location @cms {
                fastcgi_pass      unix:/var/lib/php5-fpm/xxxxx.sock;
                fastcgi_index    index.php;
                fastcgi_param   SCRIPT_FILENAME $document_root/index.php;
                fastcgi_param   SCRIPT_NAME /index.php;
                include             /etc/nginx/fastcgi_params;
        }
...2. Запрещаем любую статику кроме gif|jpg|png|js|css|ttf|woff|icolocation ~* \.(gif|jpg|png|js|css|ttf|woff|ico)$ { try_files $uri =404; expires 30d; }
...
        error_page 404 = @cms;
        location ~* ^.+\.(gif|jpg|png|js|css|ttf|woff|ico)$ {
                expires 30d;
                access_log off;
                log_not_found off;
        }
        location / {
            try_files /NONEXISTENTFILE @cms;
        }
...http {
....
        geo $my_client_ip $denied {
                default 1;
                127.0.0.1 0;
                XX.XX.XX.XX 0; # <- IP1 с которого можно заходить
                YY.YY.YY.YY 0;    # <- IP2 с которого можно заходить
        }
server {
        listen       443 ssl;
        server_name  site.ru;
        root         /var/www/html/;
...
        set $my_client_ip $remote_addr;
        if ($http_x_forwarded_client_ip ~ "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") {
                set $my_client_ip $http_x_forwarded_client_ip;
        }
        error_page 403 = @deny;
        location @deny {
                root /var/www/deny;
                rewrite ^(.*)$ /index.html break;
        }
        location ~* ^/json\.php$ {
                if ($denied) {
                        return 403;
                }
                try_files /NONEXISTENTFILE @json;
        }
        location @json {
                try_files       $uri = 404;
                fastcgi_pass    unix:/var/lib/php5-fpm/xxxxx.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include         /etc/nginx/fastcgi_params;
        }
}
}4. Разрешаем доступ к /admin только с 1-го IP, для /admin/phpmyadmin
 
  
  proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_read_timeout 120s;http {
    ...
    log_format upstream_log '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
upstream servers {
                least_conn;
                server ip1;
                server ip2 max_fails=3 fail_timeout=30s;
                server ip3 max_fails=5 fail_timeout=30s;
                keepalive 16;
        }
server {
                listen 80;
                access_log /var/log/nginx/servers-access.log upstream_log;
                error_log /var/log/nginx/servers-error.log debug;
                location / {
                        proxy_pass http://servers;
                        proxy_http_version 1.1;
                        proxy_set_header Connection "";
                        proxy_connect_timeout 120s;
                        proxy_send_timeout 120s;
                        proxy_read_timeout 120s;
        }
} 
  
   
  
  server {
....
root /var/www/mysite.com;
index index.php index.html index.htm;
location / {
        try_files $uri $uri/ =404;
}
location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_pass unix:/var/lib/php5-fpm/mysite.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
}
...
}