Nginx之httpd段限制配置

http段

# 禁止通過ip地址訪問
 server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 400;
}
# 允許通過域名訪問-自動跳轉到https
 server {
	listen 80;
	server_name 你的域名.com;
	rewrite ^(.*) https://$server_name$1 permanent;
}

 

https段

# 禁止通過ip地址訪問-https
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    #ssl on;
    ssl_certificate 3935979_www.slience.com.pem;
	ssl_certificate_key 3935979_www.slience.com.key;
    server_name _;
    return 400;
}
server
  {
    listen 443 ssl;                       #監聽端口
    server_name   你的域名.com;              #域名
    index index.html index.htm index.php;
	ssl_certificate   # 你的證書.pem;
	ssl_certificate_key 你的證書key.key;
	ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    root /home/web/html;          # 你的站點目錄
      location ~ .*\.(php|php5)?$
    {
      #fastcgi_pass unix:/tmp/php-cgi.sock;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
    {
      expires 30d;
  # access_log off;
    }
    location ~ .*\.(js|css)?$
    {
      expires 15d;
   # access_log off;
    }
    access_log off;
  }