Hướng dẫn tạo Virtual Host Nginx

Tạo Virtual Host trong Nginx là một kỹ thuật quan trọng giúp bạn chạy nhiều trang web trên cùng một máy chủ. Điều này không chỉ giúp tối ưu hóa việc sử dụng tài nguyên mà còn mang lại sự linh hoạt trong quản lý và tổ chức các trang web của bạn. Trong bài viết này, chúng tôi sẽ cung cấp một hướng dẫn chi tiết về cách tạo và cấu hình Virtual Host trong Nginx.


Phần 1 : Virtual Host làm Reverse Proxy

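# Plain-HTTP virtual host that reverse-proxies every request to one internal backend.
server {
        listen 80;
        listen [::]:80;

        server_name example.com www.example.com;

        # Refuse any client whose User-Agent contains "google" (case-insensitive).
        # The User-Agent is chosen by the client, so this only turns away
        # crawlers that identify themselves; it is not an access control.
        if ($http_user_agent ~* (google)) {
                return 403;
        }

        location / {
                # Buffers for the upstream response and its headers.
                proxy_buffers 4 256k;
                proxy_buffer_size 128k;
                proxy_busy_buffers_size 256k;
                proxy_headers_hash_max_size 1024;
                proxy_headers_hash_bucket_size 128;

                # Wait up to one hour between reads from the backend. A long
                # timeout lets stalled requests hold connections open; lower it
                # unless the backend really serves long-running requests.
                proxy_read_timeout 3600;
                # Largest request body accepted from a client. Size this to what
                # the backend needs, since any client may send this much.
                client_max_body_size 100M;

                proxy_pass http://192.168.1.10:80;

                # An empty value removes the header from the upstream request
                # (the original set this twice; once is enough).
                proxy_set_header Accept-Encoding "";
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                # Appends this client's address to whatever X-Forwarded-For the
                # client sent, so the backend must only trust the last entry.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                # This server only listens on port 80, so it must not tell the
                # backend that the request arrived over TLS. The empty value
                # also drops any X-Forwarded-SSL header supplied by the client.
                proxy_set_header X-Forwarded-SSL "";

                # No Strict-Transport-Security header here: browsers ignore HSTS
                # received over plain HTTP, so it belongs on the HTTPS server block.
        }

        # Brotli compression. These directives come from the ngx_brotli module,
        # which has to be built or installed separately from stock nginx.
        brotli on;
        brotli_comp_level 8;
        brotli_static on;
        brotli_types application/atom+xml application/javascript application/json application/rss+xml
               application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
               application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
               font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
               image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
}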

Với SSL Let’s Encrypt :

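# HTTPS virtual host (certificate installed by Certbot) that reverse-proxies
# to an internal backend and answers cross-origin (CORS) requests.
server {

    server_name thanhnh.id.vn;

    location / {
        # BLOCK SPAMMERS IP ADDRESSES
        #include /etc/nginx/conf.d/blockips.conf;

        #access_log one;
        access_log /var/log/nginx/thanhnh.id.vn/access.log;
        error_log /var/log/nginx/thanhnh.id.vn/error.log;

        # An empty value removes the header from the upstream request.
        proxy_set_header Accept-Encoding "";

        # Response headers for every request handled by this location.
        #
        # add_header directives are inherited from the enclosing level only when
        # the current level defines none of its own. Setting CORS headers inside
        # per-method "if" blocks therefore dropped the HSTS header on GET and
        # POST responses, so the headers are declared once here instead.
        #
        # '*' lets any website read these responses. Browsers reject '*' when
        # combined with Access-Control-Allow-Credentials: true, so that header
        # is not sent. If credentialed cross-origin access is required, answer
        # with an explicit allow-list of trusted origins; never echo the
        # request's Origin header back unchecked.
        add_header 'Access-Control-Allow-Origin' '*';
        # includeSubDomains + preload commits every subdomain to HTTPS and is
        # slow to undo; keep them only if that is intended.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        # CORS pre-flight: answer directly without contacting the backend.
        # The headers are repeated because this block defines its own
        # add_header set and so inherits none from the location.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            # Custom headers and headers various browsers should be OK with but aren't
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            # Tell client that this pre-flight info is valid for 20 days
            add_header 'Access-Control-Max-Age' 1728000;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
            # A 204 response has no body, so no Content-Type or Content-Length is set.
            return 204;
        }

        proxy_buffers 4 256k;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;

        # Wait up to one hour between reads from the backend. A long timeout
        # lets stalled requests hold connections open; lower it unless needed.
        proxy_read_timeout 3600;
        # Largest request body accepted from a client.
        client_max_body_size 60M;

        # TLS ends at nginx; this hop to the backend is plain HTTP, so it
        # should stay on a trusted network segment.
        proxy_pass http://192.168.12.220:8898/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends this client's address to whatever X-Forwarded-For the client
        # sent, so the backend must only trust the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Brotli compression (directives from the separately installed
        # ngx_brotli module).
        brotli on;
        brotli_comp_level 8;
        brotli_static on;
        brotli_types application/atom+xml application/javascript application/json application/rss+xml
             application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
             application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
             font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
             image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
    }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/thanhnh.id.vn/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/thanhnh.id.vn/privkey.pem; # managed by Certbot
    # Pin the protocol versions explicitly instead of relying on the nginx
    # default, which on older releases still enables TLS 1.0 and 1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret ECDHE suites only. 3DES (64-bit block cipher) and
    # static-RSA key exchange are deliberately not offered.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}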
# Port-80 companion of the HTTPS virtual host: upgrades requests for the
# site to HTTPS and rejects everything else.
server {
    listen 80;
    listen [::]:80;

    server_name thanhnh.id.vn;

    # Redirect only when the Host is exactly the expected name, so the $host
    # used in the redirect target cannot be an arbitrary client-chosen value.
    if ($host = thanhnh.id.vn) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Any request that reaches this server under another Host gets a 404.
    return 404; # managed by Certbot
}

Phần 2 : Nginx sử dụng để handle PHP code

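# Virtual host that serves a WordPress installation through PHP-FPM.
server {
    # Plain HTTP only: logins and session cookies cross the network
    # unencrypted. Put the site behind an HTTPS server block for real use.
    listen       80;
    server_name  example.thanhnh.id.vn;
    root         /var/www/html/wordpress;
    index        index.html index.htm index.php;

    access_log /var/log/nginx/example.thanhnh.id.vn-access.log;
    error_log  /var/log/nginx/example.thanhnh.id.vn-error.log error;

    # Serve the file or directory if it exists, otherwise hand the request
    # to WordPress' front controller with the query string preserved.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Never execute PHP from the uploads tree, which holds user-supplied files.
    # Regex locations are tried in order of appearance, so this block must
    # stay above the generic \.php$ block to win the match.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }

    # pass PHP scripts on Nginx to FastCGI (PHP-FPM) server
    location ~ \.php$ {
        # NOTE(review): the snippet's contents are not shown here. The copy
        # packaged with Debian/Ubuntu also rejects requests for scripts that
        # do not exist on disk; confirm that on other distributions.
        include snippets/fastcgi-php.conf;

        # PHP-FPM over a Unix socket; the path must match the installed PHP version.
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        # TCP alternative:
        # fastcgi_pass 127.0.0.1:9000;
    }

    # deny access to Apache .htaccess on Nginx with PHP,
    # if Apache and Nginx document roots concur
    location ~ /\.ht {
        deny all;
    }
}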

Nginx handle PHPMYADMIN

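# Virtual host that serves phpMyAdmin through PHP-FPM on port 8080.
server {
  # Plain HTTP on every interface: database credentials typed into
  # phpMyAdmin cross the network unencrypted, and the login page is
  # reachable by anyone who can reach this port. Serve it over HTTPS and
  # limit who can connect, for example by uncommenting and filling in:
  #   allow <ADMIN_NETWORK_CIDR>;   # placeholder: your admin network
  #   deny all;
  listen 8080;
  listen [::]:8080;
  server_name pma.example.com;
  root /usr/share/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;

  location / {
    try_files $uri $uri/ /index.php;
  }

  # Keep documentation, SQL scripts and the setup wizard out of reach.
  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

  location ~ \.php$ {
    # The snippet alone is used here. Declaring SCRIPT_FILENAME and including
    # fastcgi_params next to it, as the original did, would send the same
    # FastCGI parameters twice.
    # NOTE(review): this assumes the Debian/Ubuntu packaged snippet, which
    # sets SCRIPT_FILENAME and the standard parameters itself; confirm on
    # other distributions.
    include snippets/fastcgi-php.conf;

    # The socket path must match the installed PHP-FPM version.
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
  }

  # Deny access to Apache .ht* files.
  location ~ /\.ht {
    deny all;
  }
}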
