# Front controller: serve the requested file or directory when it exists under root,
# otherwise hand the original path to /index.php in the "altum" query parameter.
location / {
try_files $uri $uri/ /index.php?altum=$uri;
}
# Every URI ending in .php is passed to PHP-FPM over TCP at php:9000.
# NOTE(review): nothing here checks that the script exists before it is passed on. The usual
# guard is `try_files $fastcgi_script_name =404;` placed after fastcgi_split_path_info. That
# check runs against nginx's own filesystem, so the PHP files must be visible to nginx as
# well; confirm for this setup.
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000; # proxy requests to a TCP socket
fastcgi_index index.php;
# SCRIPT_FILENAME is built from nginx's root. PHP-FPM opens this path on its side, so
# presumably the same path has to exist where PHP-FPM runs; verify.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
2 дня мучаюсь, щас вот пишет, что почему-то не найдены
# Runs the my-app image and removes the container on exit. Host port 80 is forwarded to
# container port 9080, and the host's /etc/letsencrypt is bind-mounted at the same path.
# NOTE(review): the mount is read-write and that directory normally holds certificate
# private keys; if the container only reads them, append :ro to the -v value.
# NOTE(review): only host port 80 is published, so a listener on any other container port
# (e.g. 443) is not reachable from outside; confirm against the image's nginx config.
docker run --rm -v /etc/letsencrypt:/etc/letsencrypt -p 80:9080 my-app
# Static site for trainzcity.myftp.org, answered by the same block on port 80 (plain HTTP)
# and port 443 (TLS).
# NOTE(review): nothing here redirects port 80 to HTTPS, so the same content is also
# available unencrypted.
server {
listen 80;
# listen 443 http3 reuseport;
listen 443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name trainzcity.myftp.org;
# Certificate chain and its private key; the key file should be readable only by the
# account that starts nginx.
ssl_certificate /etc/nginx/certs/0001_chain.pem;
ssl_certificate_key /etc/nginx/certs/key-384r1.key;
# Only TLS 1.3 is offered; clients limited to older protocol versions cannot connect.
ssl_protocols TLSv1.3;
location / {
# Serve an existing file or directory, otherwise answer 404.
try_files $uri $uri/ =404;
}
}
# Virtual host for nix-adserver.trainzcity.myftp.org with its own certificate pair,
# answering on port 80 (plain HTTP) and port 443 (TLS) from the root given below.
# NOTE(review): nothing here redirects port 80 to HTTPS, so the same content is also
# available unencrypted.
server {
listen 80;
# listen 443 http3 reuseport;
listen 443 ssl;
root /var/www/trainzcity.myftp.org/html;
index index.html index.htm index.nginx-debian.html;
server_name nix-adserver.trainzcity.myftp.org;
# Placeholder paths: the certificate must be one issued for this server_name.
ssl_certificate /path/to/pki/nix-adserver.trainzcity.myftp.org.crt;
ssl_certificate_key /path/to/pki/nix-adserver.trainzcity.myftp.org.key;
# Only TLS 1.3 is offered; clients limited to older protocol versions cannot connect.
ssl_protocols TLSv1.3;
location / {
# Serve an existing file or directory, otherwise answer 404.
try_files $uri $uri/ =404;
}
}
listen 80 и listen 443 ssl и так позволяют Nginx слушать на всех интерфейсах.
iptables -A POSTROUTING -t nat -p tcp -d 192.168.1.1 --dport 80 \
-m statistic --mode nth --every 3 --packet 0 \
-j SNAT --to-source 10.0.0.1
# Second rule of the chain: it only sees traffic the preceding "--every 3" rule did not
# match, so taking every 2nd of the remainder gives roughly one third of the total.
# Rules in the nat table are evaluated for the first packet of a connection, so the
# split is per connection, not per packet.
iptables -A POSTROUTING -t nat -p tcp -d 192.168.1.1 --dport 80 \
-m statistic --mode nth --every 2 --packet 0 \
-j SNAT --to-source 10.0.0.2
# Catch-all: whatever neither statistic rule matched leaves with source 10.0.0.3.
iptables -A POSTROUTING -t nat -p tcp -d 192.168.1.1 --dport 80 \
-j SNAT --to-source 10.0.0.3
# TLS-terminating reverse proxy for example.com that opens a new TLS connection to the
# upstream and passes the client's host name along as both SNI and Host.
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/proxy/cert/example.com/fullchain.pem;
ssl_certificate_key /path/to/proxy/cert/example.com/privkey.pem;
location / {
# $upstream is not defined in this snippet. Because proxy_pass contains a variable, the
# name is looked up at request time (an upstream group, otherwise via a resolver).
# NOTE(review): make sure $upstream can never be derived from client input.
proxy_pass https://$upstream;
# Send SNI to the upstream, using the name from proxy_ssl_name.
proxy_ssl_server_name on;
proxy_ssl_name $host;
# NOTE(review): the upstream certificate is not verified here, because proxy_ssl_verify is
# off by default, so the proxy-to-upstream hop is encrypted but not authenticated.
# To authenticate the upstream add:
#   proxy_ssl_verify on;
#   proxy_ssl_trusted_certificate /path/to/upstream-ca.pem;  # placeholder path
proxy_set_header Host $host;
}
}
Параметр ssl (0.7.14) указывает на то, что все соединения, принимаемые на данном порту, должны работать в режиме SSL. Это позволяет задать компактную конфигурацию для сервера, работающего сразу в двух режимах — HTTP и HTTPS.
- ./docker/nginx/sites/:/etc/nginx/sites-available/
docker run --rm -it nginx:alpine ls -1 /etc/nginx
conf.d
fastcgi.conf
fastcgi_params
mime.types
modules
nginx.conf
scgi_params
uwsgi_params
docker run --rm -it nginx:alpine ls -1 /etc/nginx/conf.d/
default.conf
server_name на регулярку с именованными группами:
# это пример, регулярку надо поменять под свои нужды
# Regex server_name: the named groups branch_name and tld are captured from the host name
# the client sent. The pattern is not anchored at the start, and [^\.]* accepts any
# character except a dot, including an empty string.
# NOTE(review): branch_name is spliced into the upstream name below, so restrict it to the
# characters real branch names use (a constructed example: [a-z0-9-]+) and anchor the
# pattern with ^ where the host layout allows it.
server_name ~(?<branch_name>[^\.]*)\.(?<tld>[^\.]*)$;
location ~ \.html$ {
# The upstream host is assembled from the client-supplied branch_name. With a variable in
# proxy_pass the name is looked up at request time (an upstream group, otherwise via a
# resolver).
proxy_pass http://frontend_${branch_name}_react_nginx;
}
include /etc/nginx/sites-enabled/*.conf;
# Port-80 virtual host: serves ACME challenge files from disk and redirects every other
# request to HTTPS.
server {
listen 80;
server_name domain;
# Only this prefix is answered over plain HTTP; files are read from the alias directory.
location /.well-known/acme-challenge/ {
alias /path/to/.well-known/acme-challenge/;
allow all;
default_type "text/plain";
# A missing challenge file yields 404.
try_files $uri =404;
}
location / {
# The redirect target uses the fixed name "domain", not the request's Host header, so a
# forged Host value cannot steer the redirect to another site.
return 301 https://domain$request_uri;
}
}
# Request a certificate with the webroot method. The -w directory must be the one that
# contains .well-known/acme-challenge/ as served by nginx on port 80.
certbot certonly --agree-tos --email webmaster@domain --webroot -w /path/to/ -d domain
# Generate 4096-bit Diffie-Hellman parameters for nginx's ssl_dhparam directive. They are
# used only by DHE-* cipher suites, and generation can take a long time.
openssl dhparam -out /etc/nginx/dhparam4096.pem 4096
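# HTTPS virtual host: terminates TLS for "domain" and proxies every request to the
# application on localhost:5000, including WebSocket upgrades.
server {
    listen 443 ssl http2;
    server_name domain;

    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

    # DH parameters for the DHE-RSA-* suites listed in ssl_ciphers.
    ssl_dhparam /etc/nginx/dhparam4096.pem;
    # AEAD-only suites with forward secrecy (ECDHE/DHE); this list applies to TLS 1.2.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    # The client's cipher preference wins; acceptable because every listed suite is strong.
    ssl_prefer_server_ciphers off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve secp384r1:prime256v1:X25519;

    # Sessions can be resumed for up to 24 hours from a 20 MB cache shared between workers.
    ssl_session_timeout 24h;
    ssl_session_cache shared:TLS:20m;

    # OCSP stapling: nginx resolves the OCSP responder's host name through this resolver.
    # NOTE(review): answers from public resolvers cross the network unauthenticated; a
    # resolver on a trusted local network is preferable where one is available.
    resolver 1.1.1.1 8.8.8.8;
    resolver_timeout 5s;
    ssl_stapling on;
    # NOTE(review): verification needs the issuer chain to be trusted; if nginx logs
    # stapling verification errors, set ssl_trusted_certificate to the CA chain.
    ssl_stapling_verify on;

    # HSTS for two years including subdomains: every subdomain must serve valid HTTPS
    # before this header is deployed, because browsers cache the policy.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Fixed: the value was wrapped in typographic quotes, which nginx does not treat as
        # quoting, so they were sent to the backend as part of the header value.
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last entry (or X-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}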
proxy_pass URL;
- протокол тоже надо указывать.