海运的博客

需安装http-dav-ext扩展，有时使用非标准webdav客户端删除目录时最后不带/，nginx删除目录失败返回409，alias不支持rewrite使用root。

  location /webdav/ {
    satisfy any;
    allow 127.0.0.1;
    deny all;
    #root /;
    #if (-d $request_filename) { rewrite ^(.*[^/])$ $1/ break; }
    alias /webdav/;
    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;
    dav_access user:rw group:r all:r;
    create_full_put_path  on;
    port_in_redirect off;
    autoindex on;
    autoindex_localtime on;
    charset utf-8;
    auth_basic "Login";
    auth_basic_user_file htpasswd;
  }

使用curl测试webdav：
新建目录，注意最后一定要带/，不然返回409，MKCOL can create a collection only

curl -X MKCOL https://www.haiyun.me/webdav/test/

上传文件：

curl -T filename https://www.haiyun.me/webdav/

重命名文件：

curl -X MOVE --header 'Destination:https://www.haiyun.me/webdav/newname' https://www.haiyun.me/webdav/filename

删除文件：

curl -X DELETE https://www.haiyun.me/webdav/filename

安装nginx依赖扩展，当typecho更新时调用http-cache-purge删除缓存，当命中缓存时调用lua清除set-cookie head，防止缓存的设置cookie header发送给所有人。

apt install libnginx-mod-http-cache-purge libnginx-mod-http-lua

http内添加：

    fastcgi_cache_path /dev/shm/fastcgi_cache_dir levels=1:2 keys_zone=phpcache:100m inactive=30d max_size=200M;
    fastcgi_temp_path /dev/shm/fastcgi_cache_dir/temp;
    fastcgi_cache_use_stale error timeout invalid_header http_500;
    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

修改server段：

  set $skip_cache 0;
  #跳过缓存，post请求
  if ($request_method = POST) {
    set $skip_cache 1;
  }
  #url包含参数
  if ($query_string != "") {
    set $skip_cache 1;
  }
  #指定url
  if ($request_uri ~* ^(/admin/|/action/|/search/|/feed/)) {
    set $skip_cache 1;
  }
  #登录用户
  if ($http_cookie ~* "typecho_authCode") {
    set $skip_cache 1;
  }
  #$uri经过重写后会改变，通过lua提前复制到$permalink
  set_by_lua_block $permalink {
    return ngx.var.uri
  }
  location ~ .*\.php$
  {
    try_files $uri =404;
    astcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi.conf;

    fastcgi_cache_key $scheme$request_method$host$permalink;
    add_header Cache-State $upstream_cache_status;
    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;
    fastcgi_cache phpcache;
    fastcgi_cache_valid 200 301 302 30d;

    log_by_lua_file "/etc/nginx/ngx_lua_reqstatus/hook.lua";
    header_filter_by_lua_block {
      --if ngx.status == ngx.HTTP_OK then
        --ngx.header['Cache-State'] = ngx.var.upstream_cache_status
      --end
      if ngx.var.upstream_cache_status == "HIT" then
        ngx.header['Set-Cookie'] = nil
      end
    }
  }

  location ~ /xxx/_clean_cache(/.*) {
      fastcgi_cache_purge phpcache "$scheme$request_method$host$1";
  }

typecho清除缓存插件：
https://github.com/typecho-fans/plugins/tree/master/Ncache
typecho默认在用户评论后会在cookie内设置用户名和邮箱信息，并在服务端读取cookie在html内写入相关信息，这样用户信息被缓存所有人都可以看到，可参考下面方法修改模板用js读取cookie内用户信息。
https://cuojue.org/read/typecho_comments_author_javascript.html

在ubuntu 20.04下配置nginx ssl时怎么不支持tls1.0/1.1，确认配置文件无误怀疑是openssl的问题，原来是ubuntu 20.04/openssl 1.1.1默认禁用了不安全的tls协议，可以修改openssl配置文件开启。
patch：

--- openssl.cnf 2020-12-26 10:54:59.000000000 +0800
+++ /etc/ssl/openssl.cnf        2020-12-26 11:28:20.406439168 +0800
@@ -11,6 +11,8 @@
 # defined.
 HOME                   = .
 
+openssl_conf = default_conf
+
 # Extra OBJECT IDENTIFIER info:
 #oid_file              = $ENV::HOME/.oid
 oid_section            = new_oids
@@ -348,3 +350,13 @@
                                # (optional, default: no)
 ess_cert_id_alg                = sha1  # algorithm to compute certificate
                                # identifier (optional, default: sha1)
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = TLSv1
+CipherString = DEFAULT:@SECLEVEL=1

或直接修改配置文件，openssl.cnf首部添加：

sed -i '1i openssl_conf = default_conf' /etc/ssl/openssl.cnf

尾部添加：

cat >> /etc/ssl/openssl.cnf << EOF
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
EOF

使用openssl测试是否支持tls1.0和1.1：

openssl s_client -connect www.haiyun.me:443 -tls1_1
openssl s_client -connect www.haiyun.me:443 -tls1

参考：
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

#centos6：
rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
#centos5：
rpm -ivh http://nginx.org/packages/centos/5/noarch/RPMS/nginx-release-centos-5-0.el5.ngx.noarch.rpm

或自添加：

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1

Debian7官方源添加了php-fpm软件包，现可通过apt-get快速安装部署LNMP环境了。
安装Mysql：

apt-get install -y mysql-server mysql-client

安装PHP：

apt-get install php5-cli php5-fpm php5-mysql php5-curl

安装Nginx：

apt-get install nginx-full

Nginx主配置文件为：

/etc/nginx/nginx.conf

调用虚拟主机配置文件目录：

/etc/nginx/sites-enabled/

修改默认虚拟主机配置文件支持PHP解析：

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #    # With php5-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #    # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }