204产生器配置

# Connectivity-check endpoint: replies with an empty "204 No Content".
# This is a prefix match, so every URI that starts with /generate_204 is answered here.
location /generate_204 {
	# Answered directly by nginx; no file lookup or upstream is involved.
	return 204;
	# Probe requests are kept out of the access log.
	access_log off;
}

SSL配置

首先需要在监听的端口上加入ssl选项,可以如下方配置。

# TLS + HTTP/2 listeners, one for IPv4 and one for IPv6.
# fastopen=3 enables TCP Fast Open with a queue limit of 3 for connections that
# have not finished the three-way handshake; reuseport gives every worker its
# own listening socket.
# NOTE(review): with TCP Fast Open the same SYN-with-data may be delivered more
# than once - confirm that is acceptable for this service before enabling it.
# NOTE(review): fastopen, reuseport and ipv6only are socket-level options; set
# them in only one server block per address:port.
listen 443 ssl http2 fastopen=3 reuseport;
# ipv6only=on keeps the [::] socket IPv6-only so it does not overlap the IPv4 listener above.
listen [::]:443 ssl http2 fastopen=3 reuseport ipv6only=on;

SSL基本配置(证书、DH参数)

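# "ssl on;" has been dropped: the listen directives already carry the "ssl"
# parameter, and the standalone directive is obsolete since nginx 1.15.0 and
# removed in 1.25.1. It also forced TLS onto every listener of the server
# block, which breaks a plain-HTTP listener placed in the same block.

# Server certificate (leaf first, followed by any intermediate certificates).
ssl_certificate /path/to/your/crt;
# Private key: keep the file readable only by the account that starts nginx.
ssl_certificate_key /path/to/your/key;
# DH parameters used by the DHE (kEDH) cipher suites.
# Generate the file with: openssl dhparam -out dhparam2048.pem 2048
# Generation is slow on low-end servers; it can be run locally and the file copied over.
ssl_dhparam /path/to/your/dhparam2048.pem;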

SSL算法偏好设置

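# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers on;
# Order: ECDHE with ECDSA certificates, ECDHE with any certificate, then DHE;
# AES only. "+SHA" moves the SHA-1 MAC (CBC) suites to the end of the list.
# DES-CBC3-SHA was removed from the list: 3DES uses a 64-bit block and is
# exposed to birthday-bound (Sweet32) attacks on long-lived connections.
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';
# TLS 1.0 and TLS 1.1 are deprecated (RFC 8996) and are no longer offered.
# Clients that cannot speak TLS 1.2 will fail the handshake - check the access
# statistics for legacy clients before deploying.
# On nginx 1.13.0+ built against OpenSSL 1.1.1+, TLSv1.3 can be appended here.
ssl_protocols TLSv1.2;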

SSL会话重用设置

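# A cached session may be resumed for up to one day.
ssl_session_timeout 1d;
# Server-side session cache shared between all worker processes (zone "SSL", 50 MB).
ssl_session_cache shared:SSL:50m;
# Size of the buffer used for sending data (the nginx default is 16k).
ssl_buffer_size 64k;
# Session tickets are switched off. With tickets on and no ssl_session_ticket_key
# configured, nginx encrypts tickets with a key that is generated once and never
# rotated while the process runs; whoever obtains that key can decrypt recorded
# TLS 1.2 sessions that used tickets, which defeats forward secrecy.
# Resumption still works through the shared cache above. To turn tickets back
# on, supply key files with ssl_session_ticket_key and rotate them regularly.
ssl_session_tickets off;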

OCSP装订设置

# Staple the certificate's OCSP response to the TLS handshake.
ssl_stapling on;
# Verify the OCSP response before stapling it.
ssl_stapling_verify on;
# CA certificates used for that verification.
# The chain in this file must be pasted in order, from the lowest-level
# (intermediate) certificate up to the highest-level (root) certificate.
ssl_trusted_certificate /path/to/yourca.crt;
# Resolver nginx uses to look up the OCSP responder's hostname; answers are
# cached for 300 seconds regardless of their TTL.
# For hosts in mainland China the author uses DNSPod's public DNS.
# NOTE(review): these lookups are plain DNS to a third-party server; a caching
# resolver on a network path you control is the safer choice where available.
resolver 119.29.29.29 valid=300s;
# Give up on a name lookup after 10 seconds.
resolver_timeout 10s;

WP-Super-Cache配置

# Decide whether a request may be answered from the WP-Super-Cache static files.
# $cache_uri starts out as the request URI and is overwritten with the
# placeholder 'null cache' whenever the request must not be served from cache.
# The order matters: the initial "set" has to come before the "if" overrides.
set $cache_uri $request_uri;
# POST requests are handed to PHP.
if ($request_method = POST) {
	set $cache_uri 'null cache';
}	
# Any request with a query string bypasses the cache.
if ($query_string != "") {
	set $cache_uri 'null cache';
}   
# These request URIs must never be cached (admin, login, xmlrpc, feeds, sitemaps, ...).
# NOTE(review): the dots in this pattern are unescaped, so "." matches any
# character; that only makes the exclusion broader than the literal file names.
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
		set $cache_uri 'null cache';
}   
# Do not serve cached pages to known users (logged-in users, users who have commented).
# NOTE(review): only the cookie names listed here are checked; if a plugin keeps
# per-user state under a different cookie name, add it to this pattern so those
# users are not shown a shared cached page.
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
	set $cache_uri 'null cache';
}

# Try the pre-generated WP-Super-Cache page first, then a real file or
# directory, and finally hand the request to WordPress via /index.php.
# When $cache_uri holds the 'null cache' placeholder the first candidate is
# presumably absent on disk, so the request falls through to the later ones.
# NOTE(review): $http_host is the raw Host header sent by the client and becomes
# part of a filesystem path here. Use this location only in a server block with
# an explicit server_name, backed by a catch-all default server, so unexpected
# Host values never reach it.
location / {
	# If you are an ordinary (not HTTPS-only) user, use the following line:
	try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args;
	# If the site is configured as HTTPS-only, use the following line instead:
	#try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
}