SHARE
TWEET

configure nginx rev1

sairi Jul 22nd, 2019 100 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Redirect HTTP -> HTTPS
  2. server {
  3.     listen 9000;
  4.     server_name www.pindurian.com pindurian.com;
  5.  
  6.     include snippets/letsencrypt.conf;
  7.     return 301 https://pindurian.com$request_uri;
  8. }
  9.  
  10. # Redirect WWW -> NON WWW
  11. server {
  12.     listen 443 ssl http2;
  13.     server_name www.pindurian.com;
  14.  
  15.     ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
  16.     ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
  17.     ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
  18.     include snippets/ssl.conf;
  19.  
  20.     return 301 https://pindurian.com$request_uri;
  21. }
  22.  
  23. server {
  24.     listen 443 ssl http2;
  25.     server_name pindurian.com;
  26.  
  27.     root /var/www/pindurian/web;
  28.  
  29.     # SSL parameters
  30.     ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
  31.     ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
  32.     ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
  33.     include snippets/ssl.conf;
  34.  
  35.     # log files
  36.     access_log /var/log/nginx/pindurian.com.access.log;
  37.     error_log /var/log/nginx/pindurian.com.error.log;
  38.  
  39.     location = /favicon.ico {
  40.         log_not_found off;
  41.         access_log off;
  42.     }
  43.  
  44.     location = /robots.txt {
  45.         allow all;
  46.         log_not_found off;
  47.         access_log off;
  48.     }
  49.  
  50.     location ~ \..*/.*\.php$ {
  51.         return 403;
  52.     }
  53.  
  54.     location ~ ^/sites/.*/private/ {
  55.         return 403;
  56.     }
  57.  
  58.     # Block access to scripts in site files directory
  59.     location ~ ^/sites/[^/]+/files/.*\.php$ {
  60.         deny all;
  61.     }
  62.  
  63.     # Block access to "hidden" files and directories whose names begin with a
  64.     # period. This includes directories used by version control systems such
  65.     # as Subversion or Git to store control files.
  66.     location ~ (^|/)\. {
  67.         return 403;
  68.     }
  69.  
  70.     location / {
  71.         try_files $uri /index.php?$query_string;
  72.     }
  73.  
  74.     location @rewrite {
  75.         rewrite ^/(.*)$ /index.php?q=$1;
  76.     }
  77.  
  78.     # Don't allow direct access to PHP files in the vendor directory.
  79.     location ~ /vendor/.*\.php$ {
  80.         deny all;
  81.         return 404;
  82.     }
  83.  
  84.  
  85.     location ~ '\.php$|^/update.php' {
  86.         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
  87.         include fastcgi_params;
  88.         # Block httpoxy attacks. See https://httpoxy.org/.
  89.         fastcgi_param HTTP_PROXY "";
  90.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  91.         fastcgi_param PATH_INFO $fastcgi_path_info;
  92.         fastcgi_param QUERY_STRING $query_string;
  93.         fastcgi_intercept_errors on;
  94.         fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  95.     }
  96.  
  97.     # Fighting with Styles? This little gem is amazing.
  98.     # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
  99.     location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
  100.         try_files $uri @rewrite;
  101.     }
  102.  
  103.     # Handle private files through Drupal. Private file's path can come
  104.     # with a language prefix.
  105.     location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
  106.         try_files $uri /index.php?$query_string;
  107.     }
  108.  
  109.     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
  110.         try_files $uri @rewrite;
  111.         expires max;
  112.         log_not_found off;
  113.     }
  114.  
  115. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top