Server: nginx/1.24.0
System: Linux prod-btpayments-io 6.14.0-1018-aws #18~24.04.1-Ubuntu SMP Mon Nov 24 19:46:27 UTC 2025 x86_64
User: ubuntu (1000)
PHP: 8.3.19
Disabled: NONE
File: //proc/thread-self/root/etc/nginx/sites-available/BtMiners-store.conf.save.3
# =========================================================
# Global request-rate and connection-count limit zones
# =========================================================
# Both zones are keyed on $binary_remote_addr, i.e. the address of the directly
# connected peer.
# NOTE(review): if the site sits behind a proxy or load balancer and real_ip is
# not configured, every visitor shares the proxy's address and therefore one
# bucket — confirm how the client address is derived.
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=30r/m;  # 30 requests per minute per key (the original comment said 20; the directive sets 30r/m)
limit_conn_zone $binary_remote_addr zone=conn_limit:15m;           # Shared zone for counting concurrent connections per key; the cap itself is set by limit_conn

# Main HTTPS site for bt-miners.com / www.bt-miners.com.
# NOTE(review): this block does not parse as written. The "server {" opened
# here is only closed by the final "}" after the Certbot TLS lines, and in
# between it contains a second copy of the limit_*_zone directives and a nested
# "server {" block. nginx accepts those directives at http level only, so
# `nginx -t` should reject the file. The ".save.3" suffix in the file name
# looks like an editor emergency-save copy — confirm which file in
# sites-enabled is actually loaded before relying on any rule below.
server {
    server_name bt-miners.com;
    server_name www.bt-miners.com;

    root /var/www/BtMiners/BtMiners-store;

    # NOTE(review): the snippet is not visible here. If it defines regex
    # locations (for example a PHP handler), they come before the regex
    # locations below, and nginx uses the first matching regex in file order —
    # confirm the deny rules further down are not shadowed by it.
    include snippets/app/wordpress-php81.app;

    # Static images and fonts: access logging off, long-lived caching.
    # NOTE(review): add_header inside a location replaces, rather than extends,
    # any add_header inherited from the server/http level. If security headers
    # are set there, they are not sent for these responses — verify.
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf)$ {
        access_log off;
        log_not_found off;
        expires 365d;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    # CSS/JS (and source maps): cached for 30 days
    location ~* \.(css|js|map)$ {
        access_log off;
        log_not_found off;
        expires 30d;
        add_header Cache-Control "public, max-age=2592000";
    }
    # Global rate and connection limits
    # NOTE(review): from here to the nested block's closing "}" the file repeats
    # the zone definitions and opens a second server block inside the first;
    # this looks like two drafts of the same config pasted together.
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=30r/m;
limit_conn_zone $binary_remote_addr zone=conn_limit:15m;

server {
    server_name bt-miners.com www.bt-miners.com;
    root /var/www/BtMiners/BtMiners-store;

    include snippets/app/wordpress-php81.app;

    # Relaxed limits for the admin area
    # NOTE(review): "^~" stops regex matching, so a server-level
    # `location ~ \.php$` (if the snippet defines one) would not apply to
    # /wp-admin/*.php, and this block has no FastCGI handler of its own —
    # verify admin PHP is executed rather than returned as a file.
    # /wp-login.php is outside /wp-admin/ and gets the front-end limits.
    location ^~ /wp-admin/ {
        limit_req zone=req_limit burst=50 nodelay;
        limit_conn conn_limit 20;
        try_files $uri $uri/ /index.php?$args;
    }

    # Intended to exempt the payment webhook from the limits
    # NOTE(review): "location =" compares the URI path only, never the query
    # string, so a callback sent as "/?wc-api=WC_Gateway_Coinbase" would not
    # match this block. Also, the documented forms are
    # `limit_req zone=name ...` and `limit_conn zone number`; "off" is not an
    # accepted argument as far as the documented syntax goes — confirm with
    # `nginx -t`.
    location = /wc-api=WC_Gateway_Coinbase {
        limit_req off;
        limit_conn off;
        try_files $uri $uri/ /index.php?$args;
    }

    # Static asset caching (same rules as the two locations earlier in the file)
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf)$ {
        access_log off;
        log_not_found off;
        expires 365d;
        add_header Cache-Control "public, max-age=31536000, immutable";
    }

    location ~* \.(css|js|map)$ {
        access_log off;
        log_not_found off;
        expires 30d;
        add_header Cache-Control "public, max-age=2592000";
    }

    # Front-end limits: applied to every location in this block that does not
    # set its own limit_req / limit_conn
    limit_req zone=req_limit burst=10 nodelay;
    limit_conn conn_limit 10;
}

    # Front-end limits again, this time at the level of the outer server block
    limit_req zone=req_limit burst=10 nodelay;
    limit_conn conn_limit 10;
    # Paths under a language prefix are served only when a matching file or
    # directory exists; anything else is handed to @blocked.
    location ~ ^/(zh-CN|ar|de|fr|es|it|ja|ko|pt|ru)/ {
        try_files $uri $uri/ @blocked;
    }

    # 444 is nginx-specific: the connection is closed without sending a response
    location @blocked {
        return 444;
    }

    # -------------------------
    # Block probes for sensitive dotfiles
    # -------------------------
    # The pattern is not anchored at the end, so it also covers paths such as
    # /.git/config or /.env.bak. Only these four names are covered; other
    # dotfiles (for example .htpasswd or .svn) are not.
    location ~* /\.(env|git|DS_Store|vscode) {
        return 444;
    }
    # -------------------------
    # Block PHP file names commonly requested by scanners
    # -------------------------
    # NOTE(review): the pattern matches at any directory depth, so it also hits
    # /wp-admin/upload.php (the WordPress media library page) unless another
    # location takes precedence — confirm. A name deny-list only covers the
    # listed names; it does not stop PHP execution of other uploaded files.
    location ~* /(aa|test|tinyfilemanager|eval|config|upload|cmd)\.php$ {
        return 444;
    }

    # The "xfor" log format is not defined in this file; it must exist at http level
    access_log /var/log/nginx/btminers-store.access.log xfor;
    error_log  /var/log/nginx/btminers-store.error.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bt-miners.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bt-miners.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Port-80 listener written by Certbot: both site hostnames are redirected to
# HTTPS with a 301; a request that reaches this block with any other Host
# header gets 404. The "# managed by Certbot" markers are left untouched.
server {
    if ($host = www.bt-miners.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = bt-miners.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;

    server_name www.bt-miners.com;
    server_name bt-miners.com;
    return 404; # managed by Certbot
}

# Maps each language subdomain to the path prefix used for it on the main site.
# No "default" entry is given, so $lang_path is an empty string for any host
# that is not listed here.
map $host $lang_path {
    zh-cn.bt-miners.com  zh-CN;
    ar.bt-miners.com  ar;
    de.bt-miners.com  de;
    fr.bt-miners.com  fr;
    es.bt-miners.com  es;
    it.bt-miners.com  it;
    ja.bt-miners.com  ja;
    ko.bt-miners.com  ko;
    pt.bt-miners.com  pt;
    ru.bt-miners.com  ru;
}

# Language subdomains: every request is redirected to the same path under the
# matching language prefix on https://bt-miners.com. The block has no root or
# content locations of its own.
server {
    listen 80;
    listen 443 ssl;
    server_name zh-cn.bt-miners.com ar.bt-miners.com de.bt-miners.com fr.bt-miners.com es.bt-miners.com it.bt-miners.com ja.bt-miners.com ko.bt-miners.com pt.bt-miners.com ru.bt-miners.com;

    # NOTE(review): this is the certificate issued for bt-miners.com. Whether it
    # also lists the language subdomains cannot be seen from here; if it does
    # not, HTTPS clients get a certificate error before the redirect is sent.
    ssl_certificate /etc/letsencrypt/live/bt-miners.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bt-miners.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Redirect only requests that arrive on one of the language subdomains
   # Redirect rule meant to avoid 301 loops
    # Original intent: if the request does not already carry the language path, send it to the main domain
    # NOTE(review): the condition tests the host only, not the path. The target
    # is a different host, so this block cannot loop on its own. The main-site
    # block in this file routes /<lang>/ paths to try_files ... @blocked (444),
    # so redirected requests are dropped unless a matching file exists —
    # confirm that is intended.
    if ($host ~* "^(zh-cn|ar|de|fr|es|it|ja|ko|pt|ru)\.bt-miners\.com$") {
        return 301 https://bt-miners.com/$lang_path$request_uri;
    }

}