Nginx deployment memo for files.gallery

Because files.gallery was granted full permissions, access under location / is restricted to prevent files from leaking.

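server {
    server_name gallery.XX.net;
    index index.php;
    root /home/gallery/web;

    # Only the exact URI "/" is served; the index directive hands it to index.php.
    location = / {}
    # Every other path is refused, so files cannot be fetched directly.
    location / { deny all; }
    # Exempt the ACME challenge path from "deny all".
    location /.well-known/acme-challenge/ { return 200; }
    # Regex locations take precedence over the prefix locations above.
    location ~ \.php(?:$|/) {
        # "=404" must be written without a space, otherwise "404" becomes the fallback URI.
        try_files $uri =404;
        # Sets SCRIPT_FILENAME and the other FastCGI parameters (needed unless set at a higher level).
        include fastcgi.conf;
        fastcgi_pass unix:/dev/shm/php8-fpm.sock;
    }
}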
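
As an added illustration (not part of the original memo), the following Python sketch models how nginx chooses among the four location blocks above, so you can check which request paths are denied and which still reach PHP-FPM. It is a simplified model: only `=`, plain-prefix and `~` locations are handled, `index.php` is assumed to exist in the root, and the sample paths are constructed.

```python
import re

# The four location blocks of the server block above, in file order.
# Modifier "=" is an exact match, "" a plain prefix, "~" a regex.
LOCATIONS = [
    ("=", "/", "index"),
    ("", "/", "deny all"),
    ("", "/.well-known/acme-challenge/", "return 200"),
    ("~", r"\.php(?:$|/)", "php-fpm"),
]

def select_location(path):
    """Simplified nginx location choice (no ^~, ~* or named locations)."""
    # 1. An exact-match location wins immediately.
    for mod, pat, action in LOCATIONS:
        if mod == "=" and path == pat:
            return action
    # 2. Remember the longest matching plain prefix.
    best = None
    for mod, pat, action in LOCATIONS:
        if mod == "" and path.startswith(pat):
            if best is None or len(pat) > len(best[0]):
                best = (pat, action)
    # 3. Regex locations are tried in file order; the first hit beats the prefix.
    for mod, pat, action in LOCATIONS:
        if mod == "~" and re.search(pat, path):
            return action
    return best[1] if best else None

def handle(request_uri):
    """Return the action that finally handles a request URI."""
    path = request_uri.split("?", 1)[0]  # locations never see the query string
    action = select_location(path)
    if action == "index":
        # Assumption: index.php exists in root, so "index index.php"
        # redirects internally to /index.php and matching starts again.
        action = select_location(path + "index.php")
    return action

if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    for uri in ["/", "/?x=1", "/photos/a.jpg", "/notes.php.bak",
                "/sub/other.php", "/.well-known/acme-challenge/token"]:
        print(f"{uri:40} -> {handle(uri)}")
```

Note the `/sub/other.php` case: `deny all` does not cover paths ending in `.php`, because the regex location is checked before the `/` prefix location is applied.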

Set up the SSL certificate

dnf install epel-release -y
dnf install certbot python3-certbot-nginx -y
certbot --nginx -d XXX.net --agree-tos -m [email protected]
# Entries in /etc/cron.d need a user field (root here); runs at 03:00 every Saturday.
echo "0 3 * * 6 root /usr/bin/certbot renew --quiet" > /etc/cron.d/certbot