技巧

SSL 配置

可以申请 StratSSL 家的免费证书。

需要新增的配置:

1
2
3
4
5
listen       443;
ssl on;
ssl_certificate /usr/local/nginx/conf/Startssl.crt; #你从StartSSL下载证书放的路径
ssl_certificate_key /usr/local/nginx/conf/nicky1605.key; #openssl生成key路径
ssl_session_timeout 5m;

SSL配置参考
参考网址2

强制跳转 https

参考地址

SSL 重启 nginx 免输密码

配置 SSL 后,重启 nginx 时将弹出 Enter PEM pass phrase: 的提示并等待。

解决方法如下:

第一步:

openssl rsa -in server.key -out server.key.unsecure

第二步:

1
2
3
4
5
6
server {
…………
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key.unsecure;
…………
}

参考地址

重启 Nginx 脚本

方法1:

使用 supervisor 时,直接:

supervisorctl restart xxx(e.g:all)

方法2:

/etc/init.d 创建 nginx 文件,输入如下内容,并 chmod +x nginx

使用方法:/etc/init.d/nginx {start|stop|reload|restart}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#! /bin/sh
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="nginx daemon"
NAME=nginx
DAEMON=/usr/local/nginx/sbin/$NAME
CONFIGFILE=/usr/local/nginx/conf/$NAME.conf
PIDFILE=/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME


set -e
[ -x "$DAEMON" ] || exit 0

do_start() {
$DAEMON -c $CONFIGFILE || echo -n "nginx already running"
}

do_stop() {
kill -INT `cat $PIDFILE` || echo -n "nginx not running"
}

do_reload() {
kill -HUP `cat $PIDFILE` || echo -n "nginx can't reload"
}

case "$1" in
start)
echo -n "Starting $DESC: $NAME"
do_start
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
do_stop
echo "."
;;
reload|graceful)
echo -n "Reloading $DESC configuration..."
do_reload
echo "."
;;
restart)
echo -n "Restarting $DESC: $NAME"
do_stop
do_start
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|reload|restart}" >&2
exit 3
;;
esac

exit 0

vhost 配置脚本

创建 vhost.sh 文件,并放入 /usr/local/bin ,并 chmod +x vhost.sh
使用方法: vhsot.sh create | delete domain

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
#!/bin/bash
### Set Language
TEXTDOMAIN=virtualhost

### Set default parameters
action=$1
domain=$2
rootDir=$3
owner=$(who am i | awk '{print $1}')
sitesEnable='/etc/nginx/sites-enabled/'
sitesAvailable='/etc/nginx/sites-available/'
userDir='/data/www/'

if [ "$(whoami)" != 'root' ]; then
echo $"You have no permission to run $0 as non-root user. Use sudo"
exit 1;
fi

if [ "$action" != 'create' ] && [ "$action" != 'delete' ]
then
echo $"You need to prompt for action (create or delete) -- Lower-case only"
exit 1;
fi

while [ "$domain" == "" ]
do
echo -e $"Please provide domain. e.g.dev,staging"
read domain
done

if [ "$rootDir" == "" ]; then
rootDir=${domain//./}
fi

### if root dir starts with '/', don't use /var/www as default starting point
if [[ "$rootDir" =~ ^/ ]]; then
userDir=''
fi

rootDir=$userDir$rootDir

if [ "$action" == 'create' ]
then
### check if domain already exists
if [ -e $sitesAvailable$domain ]; then
echo -e $"This domain already exists.\nPlease Try Another one"
exit;
fi

### check if directory exists or not
if ! [ -d $rootDir ]; then
echo $rootDir
exit
### create the directory
mkdir $rootDir
### give permission to root dir
chmod 755 $rootDir
### write test file in the new domain dir
if ! echo "<?php echo phpinfo(); ?>" > $rootDir/phpinfo.php
then
echo $"ERROR: Not able to write in file $userDir/$rootDir/phpinfo.php. Please check permissions."
exit;
else
echo $"Added content to $rootDir/phpinfo.php."
fi
fi

### create virtual host rules file
if ! echo "server {
listen 80;
root $rootDir;
index index.php index.html index.htm;
server_name $domain;

# serve static files directly
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
}

# removes trailing slashes (prevents SEO duplicate content issues)
if (!-d \$request_filename) {
rewrite ^/(.+)/\$ /\$1 permanent;
}

# unless the request is for a valid file (image, js, css, etc.), send to bootstrap
if (!-e \$request_filename) {
rewrite ^/(.*)\$ /index.php?/\$1 last;
break;
}

# removes trailing 'index' from all controllers
if (\$request_uri ~* index/?\$) {
rewrite ^/(.*)/index/?\$ /\$1 permanent;
}

# catch all
error_page 404 /index.php;

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}

location ~ /\.ht {
deny all;
}

}" > $sitesAvailable$domain
then
echo -e $"There is an ERROR create $domain file"
exit;
else
echo -e $"\nNew Virtual Host Created\n"
fi

### Add domain in /etc/hosts
# if ! echo "127.0.0.1 $domain" >> /etc/hosts
# then
# echo $"ERROR: Not able write in /etc/hosts"
# exit;
# else
# echo -e $"Host added to /etc/hosts file \n"
# fi

if [ "$owner" == "" ]; then
chown -R $(whoami):www-data $rootDir
else
chown -R $owner:www-data $rootDir
fi

### enable website
ln -s $sitesAvailable$domain $sitesEnable$domain

### restart Nginx
service nginx restart

### show the finished message
echo -e $"Complete! \nYou now have a new Virtual Host \nYour new host is: http://$domain \nAnd its located at $rootDir"
exit;
else
### check whether domain already exists
if ! [ -e $sitesAvailable$domain ]; then
echo -e $"This domain dont exists.\nPlease Try Another one"
exit;
else
### Delete domain in /etc/hosts
newhost=${domain//./\\.}
sed -i "/$newhost/d" /etc/hosts

### disable website
rm $sitesEnable$domain

### restart Nginx
service nginx restart

### Delete virtual host rules files
rm $sitesAvailable$domain
fi

### check if directory exists or not
if [ -d $rootDir ]; then
echo -e $"Delete host root directory ? (s/n)"
read deldir

if [ "$deldir" == 's' -o "$deldir" == 'S' ]; then
### Delete the directory
rm -rf $rootDir
echo -e $"Directory deleted"
else
echo -e $"Host directory conserved"
fi
else
echo -e $"Host directory not found. Ignored"
fi

### show the finished message
echo -e $"Complete!\nYou just removed Virtual Host $domain"
exit 0;
fi

错误

1. 域名过长

报错

could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32

解决办法

在 nginx.conf 的 http 段添加:

server_names_hash_bucket_size 64;

注:如果已经存在,需要加大后面的数值,注意:该数值是32的倍数为宜。

参考地址