nginx 实现https的配置文件的处理

user  www www;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.

worker_rlimit_nofile 51200;

events

    {

        use epoll;

        worker_connections 51200;

        multi_accept on;

    }

http

    {

        include       mime.types;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;

        client_header_buffer_size 32k;

        large_client_header_buffers 4 32k;

        client_max_body_size 50m;

        sendfile   on;

        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;

        fastcgi_send_timeout 300;

        fastcgi_read_timeout 300;

        fastcgi_buffer_size 64k;

        fastcgi_buffers 4 64k;

        fastcgi_busy_buffers_size 128k;

        fastcgi_temp_file_write_size 256k;

        gzip on;

        gzip_min_length  1k;

        gzip_buffers     4 16k;

        gzip_http_version 1.1;

        gzip_comp_level 2;

        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;

        gzip_vary on;

        gzip_proxied   expired no-cache no-store private auth;

        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;

        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;

        access_log off;

   server {

listen 80;

server_name demo.com;

rewrite ^(.*)$ https://$host$1 permanent;

}

   server {

listen 443;

server_name demo.com;

ssl on;

root /var/wwwroot/default;

index index.php index.html;

ssl_certificate   1_www.demo.com_bundle.crt;

ssl_certificate_key 2_www.demo.com.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

location / {

index index.html index.php;

#如果文件不存在则尝试TP解析

#try_files  $uri /$uri/index.html /index.php$uri;

}

location ~ .+\.php($|/) {

fastcgi_pass  unix:/tmp/php-cgi.sock;

fastcgi_index  index.php;

#设置PATH_INFO，注意fastcgi_split_path_info已经自动改写了fastcgi_script_name变量，

#后面不需要再改写SCRIPT_FILENAME,SCRIPT_NAME环境变量，所以必须在加载fastcgi.conf之前设置

#fastcgi_split_path_info  ^(.+\.php)(/.*)$;

#fastcgi_param  PATH_INFO $fastcgi_path_info;

#加载Nginx默认"服务器环境变量"配置

include        fastcgi.conf;

include        fastcgi_params;

}

location ~ /\.git {

deny  all;

}

}

include vhost/*.conf;

}