NAT VPS部署Nginx + PHP和Nginx反代

Nginx + PHP

更新apt

apt-get update
apt-get upgrade

安裝nginx

apt-get install nginx

vi /etc/nginx/sites-enabled/default （改nginx端口为NAT端口）
vi /var/www/html/index.nginx-debian.html （修改首页）
nginx               （启动nginx）
nginx -s reload          （发布站点）
nginx -s reopen          （更新nginx）

安裝php和php-fpm

apt install php7.3 php7.3-fpm

設置Nginx

新增nginx server block
nano /etc/nginx/sites-available/example.com

ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

server {
        #https settings
        listen 443;
        listen [::]:443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl.pem;
        ssl_certificate_key /etc/nginx/ssl/ssl.key;
        ssl_session_timeout  5m;
        #ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        
        #basic web settings
        root /var/www/example.com/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name example.com www.example.com;
        
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
            
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        }
        
        #grav settings
        location / {
            try_files $uri $uri/ /index.php?_url=$uri&$query_string;
        }

        location ~* ^/(\.git|cache|bin|logs|backup|tests)/.*$ {
            return 403;
        }

        location ~* ^/(\.git|cache|bin|logs|backup|tests)/.*$ {
            return 403;
        }

        location ~* ^/(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
            return 403;
        }

        location ~* ^/user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ {
            return 403;
        }

        location ~ ^/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) {
            return 403;
        }
}

server {
    #http redirects
    listen 80;
    listen [::]:80;
    server_name server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

letsencrypt证书

通过acme.sh api方式获取

安裝php extension

sudo apt install php-fpm php-gd php-curl php-zip php-mbstring php-xml

Nginx反代

仅仅反代https流量(emby使用)

# HTTP
server {
    listen        31269;

    location / {
        proxy_pass            https://emby地址:443;
        proxy_set_header      Host $proxy_host;
        proxy_set_header      X-Real-IP $remote_addr;
        proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header      X-Forwarded-Proto $scheme;
        proxy_ssl_name        emby地址;
        proxy_ssl_server_name on; 
    }
}