手工配置nginx真是件痛苦的事情,配置https,最初是在宝塔里折腾半天,这次手动编译nginx后配置又头大,不是很懂Nginx目录和配置规则,百度上的千篇一律就是没有一个自己能用的配置文件,只好研究conf配置,参考简书上的《Nginx配置文件中文对照》,慢慢折腾出了能让nginx开起来的conf。

Nginx核心conf配置文件目录

.\conf\ - 配置文件目录
.\conf\nginx.conf - 主配置文件
.\html\ - 默认网站文件位置
.\logs\ - 默认日志文件位置

HTTP默认端口: TCP 80
HTTPS默认端口: TCP 443

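# User (and optionally group) that the worker processes run as.
user  nobody;

# Number of worker processes; setting it to the number of CPU cores is the usual advice.
worker_processes  1;

# Global error log: error_log <file> [level];
# Levels: debug | info | notice | warn | error | crit | alert | emerg.
# The three lines are alternatives for the same file, so only one is enabled;
# pick the level you need and leave the others commented out.
error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

# File in which the master process stores its PID.
pid        logs/nginx.pid;

# Connection-processing settings.
events {
    # Maximum simultaneous connections per worker process
    # (overall ceiling = worker_connections * worker_processes).
    worker_connections  1024;
}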

设定http服务器
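http {
    # Map file extensions to MIME types.
    include       mime.types;
    # MIME type used when the extension is not in the map.
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # sendfile controls whether nginx uses the sendfile() call to send files.
    # Leave it on for ordinary sites. For disk-I/O-heavy workloads such as
    # large downloads it can be turned off to balance disk and network I/O and
    # lower system load. Turn it off if images are served incorrectly.
    sendfile        on;

    # Send the response header and the start of the file together
    # (only has an effect while sendfile is on).
    tcp_nopush     on;

    # Keep-alive timeout for client connections, in seconds.
    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Enable gzip-compressed responses.
    #gzip  on;

    # Virtual host definition.
    server {
        # Listening port.
        listen       80;

        # One or more host names, separated by spaces.
        server_name  localhost;

        # Default charset.
        #charset utf-8;

        # Access log for this virtual host.
        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        # Alternative to the FastCGI block below; enable only one of the two.
        # Left commented out: this server itself listens on port 80, so
        # proxying to http://127.0.0.1 would send .php requests back to
        # nginx. Apache has to listen on a different port for this to work.
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           html;
            # Answer 404 for .php URIs that do not map to a file under root,
            # so that an uploaded non-PHP file cannot be run through a URI
            # such as /upload/a.jpg/x.php.
            try_files      $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            # Resolve the script under the same root that try_files checked;
            # the stock "/scripts" prefix is only a placeholder path.
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            deny  all;
        }
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    # Left commented out: "somename" is a placeholder, and nginx refuses to
    # start when a host name used in a listen directive cannot be resolved.
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
    #
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;

        # Relative paths are resolved against the configuration directory.
        # Both files must exist or nginx will not start; keep the private key
        # readable by root only.
        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # State the protocol versions explicitly instead of relying on the
        # build's default. TLS 1.0/1.1 are deprecated (RFC 8996). The TLSv1.3
        # parameter needs nginx 1.13.0+ and OpenSSL 1.1.1+.
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

}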

这是我最终折腾出的一份conf配置
# Worker processes run as this unprivileged account.
user www-data;
# Let nginx choose the number of worker processes from the CPU core count.
worker_processes auto;
# File in which the master process stores its PID.
pid /run/nginx.pid;

events {
        # Maximum simultaneous connections per worker process.
        worker_connections 768;
        # multi_accept on;
}

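http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # Do not advertise the nginx version in the Server header and on error pages.
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
        # The TLSv1.3 parameter needs nginx 1.13.0+ and OpenSSL 1.1.1+.
        # Set once here; the server blocks below inherit it.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        # NOTE(review): compressing HTTPS responses that mix secrets with
        # request-controlled input is what the BREACH attack relies on; keep
        # compression to static or non-sensitive content if that applies here.
        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        # NOTE(review): files pulled in here are read before the server blocks
        # below and may already define a default server on port 80 or 443 -
        # check the contents of sites-enabled.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        # Plain-HTTP server: its only job is to redirect to HTTPS.
        server {
                listen 80;
                server_name sssss.learm.top;  # put your own domain here
                # Build the redirect from the configured server_name, not from
                # the client-supplied Host header ($http_host), so a forged
                # Host header cannot choose the redirect target.
                return 301 https://$server_name$request_uri;
        }

        # HTTPS server
        server {
                # The "ssl" parameter enables TLS on this socket. It replaces
                # "ssl on;", which is deprecated since nginx 1.15.0 and
                # rejected by current releases. It does not force HTTPS; the
                # port-80 redirect above does that.
                listen 443 ssl;
                root /usr/share/nginx/html;
                server_name sssss.learm.top;  # domain the certificate was issued for

                # Certificate file (server certificate first, then any
                # intermediates) and its private key. Both paths must exist;
                # run `nginx -t` after editing them. Keep the key readable by
                # root only.
                ssl_certificate /etc/nginx/cert/a.pem;
                ssl_certificate_key /etc/nginx/cert/a.key;
                ssl_session_timeout 5m;

                # Cipher list for TLS 1.2 and below. "HIGH" still admits CBC
                # and non-forward-secret RSA suites; narrow it to ECDHE + AEAD
                # suites if every client you need supports them.
                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

                # Optional: once HTTPS is confirmed working everywhere, tell
                # browsers to use HTTPS only. Browsers cache this for max-age
                # seconds, so enable it deliberately.
                # add_header Strict-Transport-Security "max-age=31536000" always;
        }
}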