nginx.conf

user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

stream {
    log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';

    access_log /www/wwwlogs/tcp-access.log tcp_format;
    error_log /www/wwwlogs/tcp-error.log;
    include /www/server/panel/vhost/nginx/tcp/*.conf;
}

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http {
    include mime.types;
    #include luawaf.conf;

    include proxy.conf;

    default_type application/octet-stream;

    server_names_hash_bucket_size 512;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;

    sendfile on;
    tcp_nopush on;

    keepalive_timeout 60;

    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;

    server_tokens off;
    access_log off;
    #/www/server/nginx/html/chart/dist
    #/www/server/nginx/html/blog
    server {
        listen 80;
        server_name ylc6223.site;
        location / {
            #root /www/server/nginx/html/blog;
            #index  index.html index.htm;
            #return 301 https://$host$request_uri;
            rewrite ^(.*) https:$host$1 permanent;
        }
        location /chart {
            #alias /www/server/nginx/html/chart/dist/;
            #index  index.html index.htm;
            rewrite ^(.*) https:$host$1 permanent;
        }
        location /imgs {
            rewrite ^(.*) https:$host$1 permanent;
        }
    }
    server {
        listen 443;
        server_name ylc6223.site;
        ssl on;
        ssl_certificate /www/server/nginx/certificate/public.pem; #根据实际的路径和文件名配置
        ssl_certificate_key /www/server/nginx/certificate/private.key; #根据实际的路径和文件名配置
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配
        ssl_prefer_server_ciphers on;

        location / {
            root /www/server/nginx/html/blog; #站点目录
            index index.html index.htm;
        }
        location /chart {
            alias /www/server/nginx/html/chart/dist; #站点目录
            try_files $uri $uri/ /chart/index.html;
            #index  index.html index.htm;
        }
        location /imgs {
            autoindex on; # 允许展示静态资源目录
            autoindex_exact_size off;
            autoindex_localtime on;
            alias /www/server/nginx/imgs/;
        }
    }
    server {
        listen 80 default_server;
        server_name _;

        # 如果通过 IP 或其他未定义的域名访问，则返回 403 Forbidden 错误
        return 403;
    }
    server {
        listen 443 default_server;
        server_name _;
        ssl on;
        ssl_certificate /www/server/nginx/certificate/public.pem; #根据实际的路径和文件名配置
        ssl_certificate_key /www/server/nginx/certificate/private.key; #根据实际的路径和文件名配置
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配
        ssl_prefer_server_ciphers on;
        # 如果通过 IP 或其他未定义的域名访问，则返回 403 Forbidden 错误
        return 403;
    }
    server {
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root /www/server/phpmyadmin;

        #error_page   404   /404.html;
        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }

        location ~ .*\.(js|css)?$ {
            expires 12h;
        }

        location ~ /\. {
            deny all;
        }

        access_log /www/wwwlogs/access.log;
    }
    include /www/server/panel/vhost/nginx/*.conf;
}