新年快乐,狗年大吉!
恭喜发财!啥时候抢红包我才能中个大奖
2018年2月
woothosting主机邮件功能居然是正常的
PHP的sendmail发邮件功能居然好用,yeah
杂交的OwnCloud在Nginx主机配置
nginx不支持owncloud的.htaccess文件加载,使用owncloud示例的配置文件结果502错误,自己把lnmp生成的推荐的杂交了一下,非常好,稳定无警告:)
server {
listen 80;
server_name domain.name;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain.name;
ssl_certificate /usr/local/nginx/conf/ssl/site.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/site.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
# Path to the root of your installation
root /home/wwwroot/domain.name;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/acme-challenge { }
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
return 404;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
return 404;
}
include enable-php-pathinfo.conf;
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into this topic first.
#add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
啊,OwnCloud居然需要InnoDB
安装了无数次都是服务器内部错误,查了半天错误日志才发现OwnCloud居然需要InnoDB。为了节省资源,MariaDB编译的时候我没加入InnoDB支持。又得在石头盘上重新开始编译:(
网站免费SSL证书的申请和在nginx中的配置方法
这年头网站不配个https网址感觉既不时尚也不安全,FreeSSL https://freessl.org 推出的长达一年有效期的免费SSL证书真是我等菜鸟福音。按要求设置域名TXT验证代码后直接从网站下载到一个zip文件,解压开就是ngnix直接可用的pem证书和秘钥key文件,把两个文件上传到VPS合适的位置比如/usr/local/nginx/conf/cert下,编辑/usr/local/nginx/vhost对应网站的conf文件,加入以下配置代码:
listen 443 default ssl;
ssl on;
ssl_certificate /usr/local/nginx/conf/cert/myserver.pem;
ssl_certificate_key /usr/local/nginx/conf/cert/myserver.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
重启nginx,试试看,是不是可以用https访问了?
试试我的网站:)https://www.sjzok.xyz