这几天用了下宝塔面板,对比自己常用的LNMP,各有长短
记录下相关东西
宝塔国内版
国内版本更新频率大,也是宝塔的重点方向
官网地址
宝塔国际版
国际版名叫aaPanel,纯英文,没有收费插件,很少更新
github
官网地址
取消强制登录
国内版本新安装默认强制要求手机号登录,可以取消
安装宝塔后用SSH执行:
sed -i "s|bind_user == 'True'|bind_user == 'XXXX'|" /www/server/panel/BTPanel/static/js/index.js
跨域问题
再域名配置文件加入
location /
{
add_header Access-Control-Allow-Origin *;
}
禁止http(s)://ip访问
来源:CSDN
默认情况下,宝塔http://ip显示空白页,https://ip显示第一个站点
防止出现这种情况和恶意解析
禁止ip地址直接访问方法如下
先配置证书和密钥
证书
编辑/www/server/panel/vhost/cert/default/fullchain.pem
,内容如下
-----BEGIN CERTIFICATE-----
MIIDITCCAsagAwIBAgIUTcEWLzynkLCFCoAC1iDH2vG3EkYwCgYIKoZIzj0EAwIw
gY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTgwNgYDVQQL
Ey9DbG91ZEZsYXJlIE9yaWdpbiBTU0wgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0
eTAeFw0xOTAxMTMxNDMxMDBaFw0zNDAxMDkxNDMxMDBaMGIxGTAXBgNVBAoTEENs
b3VkRmxhcmUsIEluYy4xHTAbBgNVBAsTFENsb3VkRmxhcmUgT3JpZ2luIENBMSYw
JAYDVQQDEx1DbG91ZEZsYXJlIE9yaWdpbiBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABAg/hZ9lDHj/f+0jDRAN23TkNEqIi46mCGnwZVD3glxL
l+a1mpfXLHSEFTipnSyQgmvkPYzQGaEIFD0q6W/ZgMujggEqMIIBJjAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFCEZF6Eyem01XPbgwr6DXLZV1qsQMB8GA1UdIwQYMBaA
FIUwXTsqcNTt1ZJnB/3rObQaDjinMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcw
AYYoaHR0cDovL29jc3AuY2xvdWRmbGFyZS5jb20vb3JpZ2luX2VjY19jYTAjBgNV
HREEHDAaggwqLmRuc3BvZC5jb22CCmRuc3BvZC5jb20wPAYDVR0fBDUwMzAxoC+g
LYYraHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fZWNjX2NhLmNybDAK
BggqhkjOPQQDAgNJADBGAiEAnrequCk/QZOOrcPH6C3Hgcy4SPNUy5rQtku/aYkj
qQoCIQCN6IyYNiXuwG+8jUgJrveiirBjiz2jXZSTEfVAyibjTg==
-----END CERTIFICATE-----
密钥
编辑/www/server/panel/vhost/cert/default/privkey.pem
,内容如下
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgK0HE3hTJQDg6p/fj
nS92eSuRKZEZ5F4grT6tWFKNYVmhRANCAAQIP4WfZQx4/3/tIw0QDdt05DRKiIuO
pghp8GVQ94JcS5fmtZqX1yx0hBU4qZ0skIJr5D2M0BmhCBQ9Kulv2YDL
-----END PRIVATE KEY-----
然后修改(没有的话就新增)/www/server/panel/vhost/nginx/0.default.conf
为:
server{
listen 80;
listen 443 ssl http2;
server_name _;
#直接用ip访问时重定向为444
if ( $host ~* "\d+\.\d+\.\d+\.\d+" ) {
return 444;
}
#配置无效证书
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/default/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/default/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
}
NGINX相关
像mp4之类的默认是播放,可以指定文件直接下载
location ~ \.(MP4|mp4|m4v|M4V|AVI|avi|WMV|wmv)$
{
types {}
add_header Content-Type application/octet-stream;
}
跨域调用问题
location / {
add_header Access-Control-Allow-Origin *;
}
反代二级目录
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://aliyunhk.waiwang.men:26900/ui/;
}
删除日志
定时任务
每隔 5分钟
rm -rf /www/server/panel/logs/request/*
反向代理
宝塔的规则,记录下方便查阅
nginx文件
#引用反向代理规则,注释后配置的反向代理将无效
include /www/server/panel/vhost/nginx/proxy/www.imcxx.com/*.conf;
反代
#PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://1.1.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://1.1.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
proxy_ignore_headers Set-Cookie Cache-Control expires;
add_header Cache-Control no-cache;
expires 12h;
}
#PROXY-END
此处评论已关闭