From 8f3f9d43ab7a6e1b14519badc6ccb380fa9126df Mon Sep 17 00:00:00 2001
From: Stille
Date: Fri, 27 Mar 2020 13:43:08 +0800
Subject: [PATCH] Create configuration files
---
conf/nginx.conf | 33 +++++++++++++
html/index.html | 11 +++++
ssl/none.cer | 15 ++++++
ssl/none.key | 15 ++++++
vhost/nginx-docker.sample.conf | 41 +++++++++++++++
vhost/yourdomain.com.sample.conf | 85 ++++++++++++++++++++++++++++++++
6 files changed, 200 insertions(+)
create mode 100644 conf/nginx.conf
create mode 100644 html/index.html
create mode 100644 ssl/none.cer
create mode 100644 ssl/none.key
create mode 100644 vhost/nginx-docker.sample.conf
create mode 100644 vhost/yourdomain.com.sample.conf
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..988bb51
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,33 @@
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/conf.d/vhost/*.conf;
+}
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..8f2bfd0
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,11 @@
+
+
+
+
+
+ Document
+
+
+ Hello World
+
+
\ No newline at end of file
diff --git a/ssl/none.cer b/ssl/none.cer
new file mode 100644
index 0000000..d69a7a4
--- /dev/null
+++ b/ssl/none.cer
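Review bot: In conf/nginx.conf the new `include /etc/nginx/conf.d/vhost/*.conf;` glob also matches the two sample files this commit adds under vhost/, because `nginx-docker.sample.conf` and `yourdomain.com.sample.conf` both end in `.conf`. If that directory is mounted at /etc/nginx/conf.d/vhost (the mount is not shown in this patch), the samples load as live virtual hosts, including their reference to the committed `ssl/none.key`. Renaming them to a suffix the glob skips, e.g. `yourdomain.com.conf.sample`, keeps them inert until an operator copies one into place. The `http` block would also benefit from `server_tokens off;` so the version is not advertised in error pages and the `Server` header.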
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICSTCCAbICCQD47xY1QEIxDzANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJD
+TjEQMA4GA1UECAwHQkVJSklORzEQMA4GA1UEBwwHQkVJSklORzEVMBMGA1UECgwM
+QkVJSklORyBURVNUMQswCQYDVQQLDAJJVDESMBAGA1UEAwwJMTI3LjAuMC4xMB4X
+DTIwMDExNzE1MjE0M1oXDTMwMDExNDE1MjE0M1owaTELMAkGA1UEBhMCQ04xEDAO
+BgNVBAgMB0JFSUpJTkcxEDAOBgNVBAcMB0JFSUpJTkcxFTATBgNVBAoMDEJFSUpJ
+TkcgVEVTVDELMAkGA1UECwwCSVQxEjAQBgNVBAMMCTEyNy4wLjAuMTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAxhuEv/c7Qu7VzxD6ZYbIA56FpKNFHFkDG6oq
+87MgHlkb7tcEnV1ZjE+Glfi89tZTgISOByRp5/lBK9fw2PNGcIV5HKYmum4UXCEo
+OJExZR97bFBSPyh07eDCDdXW5Ri//9K5JJvp+R2oSVMEomBedczbfD0vCYlDpX3x
+rzW09FkCAwEAATANBgkqhkiG9w0BAQsFAAOBgQDBK4vUAmGzvkD6ISJEumv6r7UG
+EyuvRTQlZbpsrJDnIMtFdPtHliigZ8MzBUHfozQimYM7v+kzuCQGNgzo35KYhudS
+RR6NqEsAJJEtZpaQQscVhvryw/nV72FVFnVSgEbatYApRFPDCX81sfYJ023XpLdN
+x6GFQZmQyBnXRrmhOg==
+-----END CERTIFICATE-----
diff --git a/ssl/none.key b/ssl/none.key
new file mode 100644
index 0000000..6ff7d95
--- /dev/null
+++ b/ssl/none.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDGG4S/9ztC7tXPEPplhsgDnoWko0UcWQMbqirzsyAeWRvu1wSd
+XVmMT4aV+Lz21lOAhI4HJGnn+UEr1/DY80ZwhXkcpia6bhRcISg4kTFlH3tsUFI/
+KHTt4MIN1dblGL//0rkkm+n5HahJUwSiYF51zNt8PS8JiUOlffGvNbT0WQIDAQAB
+AoGAFXryX+YstMs0v6j1nYCJu2q6zuktGy/DmIJQ+e+YMfIzhyglRfLTPNV6oFRC
+GPmQQEUfKUMXgKGUIW7enId0QZow+EwTN6zQssiC2FIPOmqxDZmG8TLrDp7U9ooE
+DSHlKruDGNOyeOdIpCp+XUZZxzuzYkopEpoq0xzMXcfXKmkCQQDs80DePgC+K3FR
+Wli8v39ls7zvEgl9rnXz+FkD7twEqW00o8Isx4SkcPIF2hACd2gDSgJ/D2SP6MX5
+qKv25T6fAkEA1gjUwRTm7zraxc1pfP2EPhYRIh0qk35KCC6+3zb2fbSPR1beC99a
+Zkhv5vpOLhgi2GOBwb/Jv3Ir+i5Cty0CBwJAVvE+uQ1JGn44OyCKdN9TMI8N4S7e
+GqacEyPqDZ5kTrWYI3t+8Q1YZzomI+2KeE019hb+6X5NaNyBYAT67EHbgwJBAMi8
+ZZVk3iX2Y+JqAYp5VkLIfW8qPZkxM4uzE87ThKBm7I3y2bP22ZjeTR0rGpG+j0e1
+I6gsELIeCULNikKz0pcCQA2LabSVrdxMysfhui1jiW4vo7m93+VwW8atO06mil/Y
+SE37NiykwSp7liEJuADlgSH0codjHjKak4Ow9RhSTjA=
+-----END RSA PRIVATE KEY-----
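Review bot: ssl/none.key commits an RSA private key in clear text next to its certificate, so anyone who can read the repository holds the key for every deployment that keeps the default `ssl_certificate_key /etc/nginx/ssl/none.key;` from the two sample vhosts. The key header looks like a 1024-bit modulus, which is below current minimums even for a placeholder. Prefer generating the pair at container start or first run, e.g. `openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/none.key -out /etc/nginx/ssl/none.cer -days 365 -subj "/CN=localhost"`, and keep `ssl/*.key` out of version control. If the file has to stay, the sample vhosts should carry a comment such as `# none.key is a public throwaway key; replace it before exposing this server`.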
diff --git a/vhost/nginx-docker.sample.conf b/vhost/nginx-docker.sample.conf
new file mode 100644
index 0000000..da273c5
--- /dev/null
+++ b/vhost/nginx-docker.sample.conf
@@ -0,0 +1,41 @@
+upstream dockername {
+ server 127.0.0.1:8080; # 端口改为docker容器提供的端口
+}
+
+server {
+ listen 80;
+ server_name www.domain.com;
+ return 301 https://www.domain.com$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name www.domain.com;
+ gzip on;
+
+ ssl_certificate /etc/nginx/ssl/none.cer;
+ ssl_certificate_key /etc/nginx/ssl/none.key;
+
+ # access_log /var/log/nginx/dockername_access.log combined;
+ # error_log /var/log/nginx/dockername_error.log;
+
+ location / {
+ proxy_redirect off;
+ proxy_pass http://dockername;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+
+ client_max_body_size 100m;
+ client_body_buffer_size 128k;
+
+ proxy_buffer_size 4k;
+ proxy_buffers 4 32k;
+ proxy_busy_buffers_size 64k;
+ proxy_temp_file_write_size 64k;
+ }
+}
\ No newline at end of file
diff --git a/vhost/yourdomain.com.sample.conf b/vhost/yourdomain.com.sample.conf
new file mode 100644
index 0000000..40a468e
--- /dev/null
+++ b/vhost/yourdomain.com.sample.conf
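Review bot: In vhost/nginx-docker.sample.conf, `proxy_set_header X-Frame-Options SAMEORIGIN;` inside `location /` adds the header to the request sent upstream, so browsers never receive the framing restriction; X-Frame-Options is a response header and should be set with `add_header X-Frame-Options SAMEORIGIN always;`. In the same block `proxy_set_header Host $http_host;` forwards the client-supplied Host value verbatim, and since this is the only 443 server shown it would answer for any Host; `$host` is the safer default unless the backend needs the port. The 443 server also sets no `ssl_protocols`, so it inherits whatever the build defaults to; stating `ssl_protocols TLSv1.2 TLSv1.3;` keeps the sample explicit.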
@@ -0,0 +1,85 @@
+server
+ {
+ listen 80;
+ #listen [::]:80;
+ server_name www.yourdomain.com ;
+ index index.html index.htm index.php default.html default.htm default.php;
+ root /usr/share/nginx/html/www.yourdomain.com;
+
+ # return 301 https://www.yourdomain.com$request_uri;
+
+ #error_page 404 /404.html;
+
+ # Deny access to PHP files in specific directory
+ #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
+
+ location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
+ {
+ expires 30d;
+ }
+
+ location ~ .*\.(js|css)?$
+ {
+ expires 12h;
+ }
+
+ location ~ /.well-known {
+ allow all;
+ }
+
+ location ~ /\.
+ {
+ deny all;
+ }
+
+ access_log off;
+ }
+
+server
+ {
+ listen 443 ssl http2;
+ #listen [::]:443 ssl http2;
+ server_name www.yourdomain.com ;
+ index index.html index.htm index.php default.html default.htm default.php;
+ root /usr/share/nginx/html/www.yourdomain.com;
+
+# if ($host = 'yourdomain.com') {
+# return 301 https://www.yourdomain.com$request_uri;
+# }
+
+ ssl_certificate /etc/nginx/ssl/none.cer;
+ ssl_certificate_key /etc/nginx/ssl/none.key;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
+ # ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
+
+ #error_page 404 /404.html;
+
+ # Deny access to PHP files in specific directory
+ #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
+
+ location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
+ {
+ expires 30d;
+ }
+
+ location ~ .*\.(js|css)?$
+ {
+ expires 12h;
+ }
+
+ location ~ /.well-known {
+ allow all;
+ }
+
+ location ~ /\.
+ {
+ deny all;
+ }
+
+ access_log off;
+ }
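Review bot: In vhost/yourdomain.com.sample.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the 443 server keeps TLS 1.0 and 1.1 enabled, and the `ssl_ciphers` list still offers `EECDH+3DES:RSA+3DES` plus the static-RSA `RSA+AES128` and `RSA+AES256` suites, which give no forward secrecy. For a sample that gets copied into production, `ssl_protocols TLSv1.2 TLSv1.3;` with the 3DES and `RSA+` entries removed is the safer baseline. Both servers also list `index.php` and `default.php` in `index` but define no PHP handler, so a `.php` file placed under `root` would likely be returned as a download rather than executed; drop the PHP index names or enable the commented deny rule. The dot in `location ~ /.well-known` is unescaped and the pattern is unanchored, so `location ^~ /.well-known/` states the intent more precisely.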