server { listen 80; server_name domain.com www.domain.com; # 日志路径建议/usr/local/nginx/logs/ access_log /usr/local/nginx/logs/www.domain.com_nginx.log combined; index index.html index.htm index.php; root /var/www/html/wordpress; location ~ \.php$ { include fastcgi_params; fastcgi_pass 127.0.0.1:9074; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; try_files $uri =404; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } location ~ /\.ht { deny all; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /usr/local/nginx/conf/ssl/domain.com.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/domain.com.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # intermediate configuration ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; server_name domain.com www.domain.com; # 日志路径建议/usr/local/nginx/logs/ access_log /usr/local/nginx/logs/www.domain.com_nginx.log combined; index index.html index.htm index.php; root /var/www/html/wordpress; location ~ \.php$ { include fastcgi_params; fastcgi_pass 127.0.0.1:9074; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; try_files $uri =404; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } location ~ /\.ht { deny all; } }