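I have been using the BaoTa panel (宝塔面板) for the past few days. Compared with the LNMP stack I normally use, each has its strengths and weaknesses.

Some notes for reference.

BaoTa, China edition

The China edition is updated frequently and is BaoTa's main focus.
Official site

BaoTa, international edition

The international edition is called aaPanel. It is English-only, has no paid plugins, and is rarely updated.
GitHub
Official site

Removing the forced login

Fresh installs of the China edition force you to log in with a phone number by default. This can be turned off.
After installing BaoTa, run the following over SSH: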

sed -i "s|bind_user == 'True'|bind_user == 'XXXX'|" /www/server/panel/BTPanel/static/js/index.js

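Cross-origin (CORS) issues

Add the following to the domain's configuration file:

location /
{
    # Wildcard: allow any origin to make cross-origin reads of this location
    add_header Access-Control-Allow-Origin *;
}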

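Blocking access via http(s)://ip

Source: CSDN
By default, on BaoTa http://ip shows a blank page and https://ip shows the first site.
To prevent this, and to prevent malicious domain resolution (someone else pointing a domain at your IP),
block direct access by IP address as follows.

First set up the certificate and key

Certificate

Edit /www/server/panel/vhost/cert/default/fullchain.pem with the following content: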


Key

Edit /www/server/panel/vhost/cert/default/privkey.pem with the following content:


Then change /www/server/panel/vhost/nginx/0.default.conf (create it if it does not exist) to:

server {
    listen 80;
    listen 443 ssl http2;
    server_name _;
    # Return 444 (close the connection without a response) when accessed directly by IP
    if ( $host ~* "\d+\.\d+\.\d+\.\d+" ) {
        return 444;
    }
    # Configure the invalid certificate
    #HTTP_TO_HTTPS_END
    ssl_certificate    /www/server/panel/vhost/cert/default/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/default/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;
}
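
The certificate and key in the steps above exist only so that the catch-all server block can complete a TLS handshake, so they can be generated on the server rather than pasted from a web page. The script below is an added example, not part of the original post; the function names, the file name make_cert.sh and the CN value invalid.local are assumptions, and it requires openssl.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): create a throwaway self-signed
# certificate for the catch-all server block and confirm it matches its key.
# Assumptions: openssl is installed; the CN "invalid.local" is a placeholder.

# make_default_cert DIR: write DIR/privkey.pem and DIR/fullchain.pem
make_default_cert() {
    mkdir -p "$1" || return 1
    # umask 077 in a subshell so the key is never group/world readable.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=invalid.local" \
            -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    ) || return 1
    chmod 600 "$1/privkey.pem" && chmod 644 "$1/fullchain.pem"
}

# cert_matches_key DIR: succeed only if the certificate's public key equals
# the one derived from the private key (nginx will not start on a mismatch).
cert_matches_key() {
    _cert_pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey 2>/dev/null) || return 1
    _key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 1
    [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Run only when a target directory is given, e.g. on a BaoTa host
# (make_cert.sh is a hypothetical file name for this script):
#   bash make_cert.sh /www/server/panel/vhost/cert/default && nginx -t
if [ -n "${1:-}" ]; then
    make_default_cert "$1" && cert_matches_key "$1" &&
        echo "certificate and key written to $1"
fi
```
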

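NGINX notes

Files such as mp4 are played in the browser by default. You can make specific file types download directly instead:

location ~ \.(MP4|mp4|m4v|M4V|AVI|avi|WMV|wmv)$
{
    # Clear the MIME type map for this location so the files are not served as video
    types     {}
    add_header  Content-Type application/octet-stream;
}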

Cross-origin calls

location / {
    add_header Access-Control-Allow-Origin *;
}

Reverse-proxying a subdirectory

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass   http://aliyunhk.waiwang.men:26900/ui/;
}

Deleting logs

Scheduled task
Every 5 minutes

rm -rf /www/server/panel/logs/request/*

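Reverse proxy

BaoTa's rules, recorded here for easy reference.
nginx file

# Include the reverse-proxy rules; if this line is commented out, the configured reverse proxies stop working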
include /www/server/panel/vhost/nginx/proxy/www.imcxx.com/*.conf;

Proxy rules

#PROXY-START/

location  ~* \.(php|jsp|cgi|asp|aspx)$
{
    proxy_pass https://1.1.1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
    proxy_pass https://1.1.1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    
    add_header X-Cache $upstream_cache_status;
    #Set Nginx Cache
    proxy_ignore_headers Set-Cookie Cache-Control expires;
    add_header Cache-Control no-cache;
    expires 12h;
}

#PROXY-END

Last modified: June 23, 2023