一、准备目录：

• 根目录：/var/www/html/
• 站点目录：/var/www/html/shop
• 证书目录：/etc/nginx/cert
• php-fpm 端口：9000
• 日志目录：/var/www/logs

二、Nginx配置：

cat shop.conf
server {
        server_name domain.com;  
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/nginx/cert/domain.com.crt;
        ssl_certificate_key /etc/nginx/cert/domain.com.key;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # HSTS
        add_header X-Frame-Options DENY;
        ssl_dhparam /etc/nginx/cert/dhparam.pem;
        add_header X-Content-Type-Options nosniff;
        ssl_session_tickets off; # nginx >= 1.5.9
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;
    error_log /var/www/logs/shop_error.log crit;
        client_max_body_size 10m;
        root /var/www/html/shop;
        index index.php;
            
        location ~ \.php(.*)$ {
            fastcgi_pass   php:9000;        
            fastcgi_index  index.php;
        fastcgi_split_path_info  ^((?U).+\.php)(/?.+)$;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fastcgi_path_info;
        include        fastcgi_params;            
    }

        
        location ^~ /Runtime {
           deny all;
        }
 }

server {
    listen       80;
    server_name  domain.com;
    return 301 https://$server_name$request_uri;
}