分類: php

nginx 啟動時會自動安裝let’s encrypt ssl ，nginx與tomcat及php-fpm間使用proxy_pass，大概如下:

server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;

    # Domain names this server should respond to.
    server_name a.yslifes.com;

    root /var/www/html;
    # Load the certificate files.
    ssl_certificate         /etc/letsencrypt/live/a.yslifes.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/a.yslifes.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/a.yslifes.com/chain.pem;

    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

    #return 200 'Let\'s Encrypt certificate successfully installed!';
    #add_header Content-Type text/plain;


    gzip on;
    gzip_types text/plain application/xml application/json;
    gzip_comp_level 9;
    gzip_min_length 1000;


    #brotli on;
 
    # 預設為 6, 0 ~ 11; 值愈大壓縮率愈高，使用的 CPU 愈多~
    #brotli_comp_level 6;
    #brotli_static on;
 
    # 壓縮對像
    #brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
 



    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    #location / {
    #        proxy_pass http://api/;
    #}


        # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;


#    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
#            try_files $uri $uri/ =404;
#    }
    location / {
        proxy_pass http://tomcat10:8080/;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Forwarded $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
#    location ~ [^/]\.php(/|$) {
#       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#       if (!-f $document_root$fastcgi_script_name) {
#           return 404;
#       }

       # Mitigate https://httpoxy.org/ vulnerabilities
#       fastcgi_param HTTP_PROXY "";
   
#       fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
#       fastcgi_param PATH_INFO        $fastcgi_path_info;

#       fastcgi_pass phpfpm7.4:9000;
#       fastcgi_index index.php; 

       # include the fastcgi_param setting
#       include fastcgi_params;

       # SCRIPT_FILENAME parameter is used for PHP FPM determining
       #  the script name. If it is not set in fastcgi_params file,
       # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
       # please comment off following line:
       # fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
#    }
}

docker-compose.yml檔如下: