默认主页 :https://shudong.wang https://www.shudong.wanghttp://www.shudong.wang重定向到 https://shudong.wang

server {
  listen 80;
  #listen [::]:80;
  server_name shudong.wang;
  access_log /home/wwwlogs/shudong.wang.log;
  return 301 https://shudong.wang$request_uri;
}
server {
  listen 80;
  #listen [::]:80;
  server_name www.shudong.wang ;
  access_log /home/wwwlogs/shudong.wang.log;
  return 301 https://shudong.wang$request_uri;
}

server {
  listen 443 ssl http2;
  #listen [::]:443 ssl http2;
  server_name www.shudong.wang ;
  ssl_certificate /usr/local/nginx/conf/ssl/shudong.wang/fullchain.cer;
  ssl_certificate_key /usr/local/nginx/conf/ssl/shudong.wang/shudong.wang.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
  ssl_session_cache builtin:1000 shared:SSL:10m;
  access_log /home/wwwlogs/shudong.wang.log;
  return 301 https://shudong.wang$request_uri;

}

server {
  listen 443 ssl http2;
  #listen [::]:443 ssl http2;
  server_name shudong.wang ;
  index index.html index.htm index.php default.html default.htm default.php;
  root /home/wwwroot/shudong.wang/public;

  ssl_certificate /usr/local/nginx/conf/ssl/shudong.wang/fullchain.cer;
  ssl_certificate_key /usr/local/nginx/conf/ssl/shudong.wang/shudong.wang.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
  ssl_session_cache builtin:1000 shared:SSL:10m;
  # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
  ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

  include enable-php.conf;
  location / {
    proxy_pass http://127.0.0.1:5500;
  }
  location ~ /\. {
    deny all;
  }

  access_log /home/wwwlogs/shudong.wang.log;
}

# nginx -s reload