nginx配置项
[root@VM-0-13-centos conf.d]# cat sm-image.conf
server {
listen 443 ssl;
listen [::]:443 ssl;
# your url
# If there are more than one, separate them with spaces
server_name 二级域名;
# your ssl certificate file route
# 证书相关
ssl_certificate /root/ssl/full_chain.pem;
ssl_certificate_key /root/ssl/private.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:20m;
# open session tickets ,and set tikeckets file route
ssl_session_tickets on;
#ssl_session_ticket_key /usr/local/nginx/conf.d/tls_session_ticket.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
client_max_body_size 16M;
keepalive_timeout 30;
#charset koi8-r;
# 设置编码
# set my charset utf-8
charset utf-8;
#access_log /var/log/nginx/log/host.access.log main;
underscores_in_headers on;
# 请求相关配置
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.disquscdn.com; img-src 'self' data: https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src https://disqus.com";
# 过滤处理相关
location /images {
# location ~ .*\.(gif|jpg|jpeg|png)$ {
expires 24h; # 存活时间配置
# png 格式乱码配置!
add_header content-type "image/png";
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_hide_header X-Powered-By;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_temp_path /var/www/bymedo; # image path
root /var/www/bymedo; # image path
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 40k;
proxy_buffers 40 320k;
proxy_busy_buffers_size 640k;
proxy_temp_file_write_size 640k;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# 错误默认返回页
root /usr/local/nginx/html;
}
}
其中最关键的部分在于:
add_header content-type "image/png";
适用于png
、jpg
等图片格式。
注意事项
- 更改完成后,一定要记得
./nginx -s reload
重新启动nginx 清理浏览器缓存
。