如何在两台服务器之间共享通用配置。我的应用程序支持http和https(少数页面),我目前正在使用fastcgi_param来保存敏感信息,如数据库名称和密码。我如何共享服务器的位置和fastcgi_param(80,443)。
server {
listen 80;
server_name example.com;
}
server {
listen 443 ssl;
server_name example.com;
root /home/forge/example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl on;
ssl_certificate /etc/nginx/ssl/example.com/304/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/304/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_param ENV "production";
fastcgi_param DB_HOST "127.0.0.1";
fastcgi_param DB_PASSWORD "123456";
fastcgi_param DB_USERNAME "user";
fastcgi_param DB_NAME "example";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
我想分享:
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_param ENV "production";
fastcgi_param DB_HOST "127.0.0.1";
fastcgi_param DB_PASSWORD "123456";
fastcgi_param DB_USERNAME "user";
fastcgi_param DB_NAME "example";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
答案 0 :(得分:7)
从0.7.14开始,您可以将HTTP和HTTPS服务器块组合成一个 - 更容易维护:
server {
listen 80;
listen 443 ssl;
server_name example.com;
...
}
看一看 http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server 详情。
答案 1 :(得分:3)
除了安德烈的答案,这应该对你有很大的帮助。
NGINX也支持include声明。
例如,您可以创建一个公共目录( / etc / nginx / common / ),然后创建/etc/nginx/common/locations.conf。您的locations.conf文件将包含类似
# NGINX CONFIGURATION FOR COMMON LOCATION
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.well-known {
allow all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny backup extensions & log files
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
deny all;
access_log off;
log_not_found off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
return 403;
}
然后在您的一个站点配置文件中,您只需使用include common/locations.conf;来包含位置文件。例如,
server {
listen 80;
listen 443 ssl;
server_name example.com;
include common/locations.conf;
...
}
答案 2 :(得分:0)
我个人使用Ansible通过描述所需终端状态的数据文件来配置和设置服务器。看到 https://github.com/geerlingguy/ansible-role-nginx
requirements.yml
---
- src: geerlingguy/ansible-role-nginx
主机
[local]
localhost ansible_connection=local
playbook.yml 伪代码
---
- hosts: server
roles:
- { role: geerlingguy.nginx }
nginx_vhosts:
- listen: "80"
server_name: "example.com www.example.com"
return: "301 https://example.com$request_uri"
filename: "example.com.80.conf"
您可以使用Jinja2 templates复制和配置片段
使用ansible-galaxy -i hosts playbook.yml