所以,我想只保护我网站的登录和管理部分。问题是管理员使用一般站点上使用的一些常见静态文件。这意味着当我在管理员中时,这些文件应通过 https 提供,而当我在常规网站上时,应将其作为 http提供
如何配置nginx以这种方式运行?
到目前为止我使用的配置如下:
server {
listen 80;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
return 301 https://$server_name$request_uri;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
}
server {
listen 443 ssl;
ssl_certificate path_to_ssl.crt;
ssl_certificate_key path_to_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
return 301 http://$server_name$request_uri;
}
}