nginx-cheat-sheet
仲孙超
API 配置
location ~ /(api) {
include uwsgi_params;
uwsgi_pass 127.0.0.1:[uwsgi 配置端口号];
uwsgi_read_timeout 1200s;
uwsgi_send_timeout 1200s;
access_log /var/log/nginx/[post 数据日志表].log postdata; # 生产删除
if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
return 405;
}
}
生产安全配置
server {
# ...其他配置
# HTTP 安全 Header
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# ...其他配置
}
# 自动重定向到 HTTPS
server {
listen 80;
listen [::]:80;
server_name server_name;
location / {
return 301 https://$server_name$request_uri;
}
}
# SSL 安全配置
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
功能配置
401 认证
- 安装密码工具
sudo apt install apache2-utils
- 在 Nginx 配置路径创建文件 htpasswd
htpasswd -c [nginx 路径]/htpasswd [用户名]
- 在 Nginx 配置中加入如下
location / {
auth_basic "auth required";
auth_basic_user_file htpasswd;
try_files $uri $uri/ @rewrites;
}
类似资料: