优化 Nginx 配置(尤其是 add_header 选项)

优化 Nginx 配置(尤其是 add_header 选项)

我想优化下面这份 Nginx 配置。特别是,我想知道能否减少 add_header 指令的数量(目前我在每个 location 块里都把它们重写了一遍)。怎样才能只写一次 add_header 指令?如果您发现其他可以优化的地方,也请随时告诉我。

祝你今天过得愉快。

# HTTPS virtual host for the Restyaboard install rooted at
# /usr/share/nginx/html/restyaboard: TLS settings, security response headers,
# then rewrites that map friendly URLs onto PHP scripts.
server {
# NOTE(review): `ssl on;` is deprecated in newer nginx releases; the `ssl`
# parameter of listen (`listen 443 ssl;`) is the supported spelling -- check
# the installed version before relying on this form.
listen 443;
ssl on;

# Only TLS 1.2 is offered: no older protocol version, and no TLS 1.3 either.
ssl_protocols TLSv1.2;

ssl_certificate      /certificate/mywebsite/fullchain.pem;
ssl_certificate_key  /certificate/mywebsite/privkey.pem;

# No session parameters are cached and session tickets are off, so clients
# cannot resume a session and every connection performs a full handshake.
ssl_session_cache none;
ssl_session_tickets off;

# OCSP stapling, with the responder's reply verified against chain.pem.
# The resolver is what nginx uses to look up the OCSP responder's hostname.
# NOTE(review): this is a single external DNS server; nginx trusts its
# answers, so a resolver on a trusted local network is the safer choice.
ssl_stapling on;
resolver 80.67.169.12 valid=30s;
resolver_timeout 5s;
ssl_stapling_verify on;
ssl_trusted_certificate /certificate/mywebsite/chain.pem;

# DH parameters for the kEDH (finite-field DHE) suites kept in ssl_ciphers.
ssl_dhparam /etc/nginx/dhparam.pem;

# The server's preference order wins over the client's.
# Cipher string in OpenSSL syntax: `!` removes the matching suites for good,
# `+SHA` moves the SHA-1 MAC suites to the end of the list. The AES128
# combinations are excluded, so only AES256 suites remain.
# NOTE(review): print the effective list with `openssl ciphers -v '<string>'`
# on the target host to confirm it is what is intended.
ssl_prefer_server_ciphers on;
ssl_ciphers '!kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 !kEECDH+AES128 kEECDH+AES256 !kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';

# Security headers at server level. A location inherits these only when it
# declares no add_header of its own; one add_header in a location drops the
# whole inherited set for that location.
# NOTE(review): without the `always` parameter, add_header is applied only to
# a fixed list of success/redirect status codes, so error responses such as
# 404 or 500 are sent without these headers.
# NOTE(review): `includeSubDomains; preload` commits every subdomain to HTTPS
# and is slow to undo -- confirm that all subdomains really serve HTTPS.
# NOTE(review): X-Xss-Protection is a legacy header that current browsers no
# longer act on; the Content-Security-Policy is the effective control.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src https://mywebsite:443"; 
add_header X-Frame-Options "DENY"; 
add_header X-Xss-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header 'Referrer-Policy' 'no-referrer';

server_name mywebsite;
# Keeps the nginx version out of the Server header and error pages.
server_tokens off;
root /usr/share/nginx/html/restyaboard;
index  index.html index.php;
# Request bodies above 300M are rejected by nginx before they reach PHP.
client_max_body_size 300M;

# Friendly URLs mapped onto PHP scripts. `last` ends rewrite processing and
# the rewritten URI is then matched against the locations below.
# The capture groups restrict the allowed characters, but `*` also accepts an
# empty value, so the PHP scripts still have to validate what they receive.
rewrite ^/oauth/authorize$ /server/php/authorize.php last;
rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
# NOTE(review): the `.` before `ics` is unescaped and matches any character.
rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
# Everything under /api/ is handed to r.php with the path in `_url`.
# NOTE(review): `(.*)` is unrestricted, so r.php must treat `_url` as
# untrusted input. nginx already appends the original query string to a
# rewritten URI that carries new arguments, so `&$args` probably duplicates
# it -- verify.
rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;

# Default location: serves the client-side application from client/.
# NOTE(review): the only add_header lines here are copies of the server-level
# set. A location with no add_header of its own inherits the server-level
# headers, so removing all six lines would leave the response headers the same.
location / {
        root /usr/share/nginx/html/restyaboard/client;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; # enable HSTS
add_header Content-Security-Policy "default-src https://mywebsite:443"; 
add_header X-Frame-Options "DENY"; 
add_header X-Xss-Protection "1; mode=block"; 
add_header X-Content-Type-Options "nosniff"; 
add_header 'Referrer-Policy' 'no-referrer'; 
}

# PHP handler: URIs ending in .php are passed to PHP-FPM over a unix socket.
location ~ \.php$ {
        # Answer 404 unless the requested .php file exists under root, so a
        # path that only looks like a script is never handed to PHP-FPM.
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass    unix:/run/php/php7.0-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Per-request PHP ini overrides.
        # NOTE(review): the 9G upload/post limits cannot be reached while the
        # server-level client_max_body_size is 300M; keep the two consistent
        # and no larger than the application needs.
        fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
# NOTE(review): same six headers as at server level. This location has no
# other add_header, so it would inherit them if these copies were removed.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; 
add_header Content-Security-Policy "default-src https://mywebsite:443"; 
add_header X-Frame-Options "DENY"; 
add_header X-Xss-Protection "1; mode=block"; 
add_header X-Content-Type-Options "nosniff"; 
add_header 'Referrer-Policy' 'no-referrer'; 
}

# Static assets, matched case-insensitively by extension.
# NOTE(review): the pattern has no `$` anchor, so it matches any URI that
# merely contains one of these extensions (for example `.json` or `.js/...`).
# URIs ending in .php still go to the PHP location, because that regex
# location appears first in the file.
location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico) {
        root /usr/share/nginx/html/restyaboard/client;
        # If the file exists on disk, stop rewrite processing and serve it.
        if (-f $request_filename) {
                break;
        }
        # Otherwise /img/<size>/<model>/<filename> is generated by image.php.
        # The captures limit the allowed characters; image.php still has to
        # validate size, model and filename itself.
        rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
        # NOTE(review): two add_header lines with the same name produce two
        # separate Cache-Control header fields, and `expires 7d` adds its own
        # Cache-Control max-age as well.
        add_header        Cache-Control public;
        add_header        Cache-Control must-revalidate;
        expires           7d;
# Because this location declares its own add_header (Cache-Control), nothing
# is inherited from server level: the security headers have to be listed again
# here, otherwise static responses would be sent without them.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; 
add_header Content-Security-Policy "default-src https://mywebsite:443"; 
add_header X-Frame-Options "DENY"; 
add_header X-Xss-Protection "1; mode=block"; 
add_header X-Content-Type-Options "nosniff"; 
add_header 'Referrer-Policy' 'no-referrer'; 
}
# NOTE(review): the listing ends here; the closing brace of the server block
# is not shown.

答案1

add_header 的问题在于:如果你在某个块(例如 location)中使用了它,那么它会覆盖所有更高层级的 add_header 语句。因此,如果您需要更改其中任何一个,就必须重复所有语句。

为了解决这个问题,您可以使用 include:把不需要更改的响应头放进一个单独的文件,然后在较低层级的每个 location 中 include 该文件。这样每个 location 都会带上同一组安全响应头,不会因为其中单独加了一条 add_header 而漏掉 HSTS、CSP 等。
