NameDeal/nginx.conf.example at main · gentpan/NameDeal · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# NameDeal / 域名停放系统 Nginx 配置示例
# 使用前请替换:
# 1) server_name
# 2) root
# 3) fastcgi_pass (PHP-FPM socket 或 host:port)
#
# 启用方式(示例):
# sudo cp nginx.conf.example /etc/nginx/sites-available/domainparking.conf
# sudo ln -s /etc/nginx/sites-available/domainparking.conf /etc/nginx/sites-enabled/domainparking.conf
# sudo nginx -t && sudo systemctl reload nginx

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    root /Users/pan/Desktop/domainparking;
    index index.php;

    charset utf-8;
    client_max_body_size 20m;

    # ========= 安全限制 =========
    # 拒绝访问隐藏文件和版本控制目录
    location ~ /\.(?!well-known) {
        deny all;
    }

    # 拒绝直接访问核心目录和数据目录
    location ^~ /core/ { deny all; }
    location ^~ /data/ { deny all; }

    # 拒绝访问敏感文件
    location ~* ^/(composer\.(json|lock)|package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml|README\.md|LICENSE)$ {
        deny all;
    }

    # ========= 静态资源 =========
    location ^~ /assets/ {
        access_log off;
        expires -1;
        add_header Cache-Control "no-cache, must-revalidate";
        try_files $uri =404;
    }

    location = /favicon.ico {
        access_log off;
        expires 30d;
        try_files $uri =404;
    }

    # ========= 兼容旧入口重写 =========
    # Apache .htaccess 里的历史路由兼容
    location = /search.php {
        return 302 /;
    }

    location = /api.php {
        return 302 /api/whois.php;
    }

    location = /domain-lookup.php {
        return 302 /;
    }

    location = /query-handler.php {
        return 302 /;
    }

    # ========= 后台伪静态路由 =========
    # /admin -> /admin.php
    location = /admin {
        rewrite ^ /admin.php?$query_string last;
    }

    location = /admin/ {
        rewrite ^ /admin.php?$query_string last;
    }

    # /admin/{section} -> /admin.php?section={section}
    location ~ ^/admin/(domains|stats|email|site|value|footer)/?$ {
        rewrite ^/admin/([a-z]+)/?$ /admin.php?section=$1&$query_string last;
    }

    # ========= 主路由 =========
    # 存在文件/目录直接访问，否则交给 index.php
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # ========= PHP 处理 =========
    location ~ \.php$ {
        try_files $uri =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_index index.php;

        # 按你的环境修改:
        # Debian/Ubuntu 常见: unix:/run/php/php8.5-fpm.sock（按当前安装版本调整）
        # 或 TCP: 127.0.0.1:9000
        fastcgi_pass unix:/run/php/php8.5-fpm.sock;

        fastcgi_read_timeout 60s;
    }

    # ========= 基础安全响应头(可按需调整) =========
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # 不启用 HSTS，避免在纯 HTTP 或未配置 HTTPS 时误伤。
}