1. 强制 HTTPS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
server {
    listen 443;

    root /var/www/xxxxxx.com;
    index index.html index.htm;

    ssl on;
    ssl_certificate /var/www/acme/xxxxxx.com/fullchain.cer;
    ssl_certificate_key /var/www/acme/xxxxxx.com/xxxxxx.com.key;

    server_name xxxxxx.com;
}

server {
    listen 80;
    server_name xxxxxx.com;

    location / {
        rewrite ^/(.*)$ https://$server_name/$1 permanent;
    }
}

2. 访问控制

1
2
3
4
5
6
7
8
9
10
11
server {
    listen 80;

    root /var/www/xxxxxx.com;
    index index.html index.htm;

    server_name xxxxxx.com;

    allow SOME_IP;
    deny all;
}