sairi

configure nginx rev1

Jul 22nd, 2019
119
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Redirect HTTP -> HTTPS
  2. server {
  3. listen 9000;
  4. server_name www.pindurian.com pindurian.com;
  5.  
  6. include snippets/letsencrypt.conf;
  7. return 301 https://pindurian.com$request_uri;
  8. }
  9.  
  10. # Redirect WWW -> NON WWW
  11. server {
  12. listen 443 ssl http2;
  13. server_name www.pindurian.com;
  14.  
  15. ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
  16. ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
  17. ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
  18. include snippets/ssl.conf;
  19.  
  20. return 301 https://pindurian.com$request_uri;
  21. }
  22.  
  23. server {
  24. listen 443 ssl http2;
  25. server_name pindurian.com;
  26.  
  27. root /var/www/pindurian/web;
  28.  
  29. # SSL parameters
  30. ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
  31. ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
  32. ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
  33. include snippets/ssl.conf;
  34.  
  35. # log files
  36. access_log /var/log/nginx/pindurian.com.access.log;
  37. error_log /var/log/nginx/pindurian.com.error.log;
  38.  
  39. location = /favicon.ico {
  40. log_not_found off;
  41. access_log off;
  42. }
  43.  
  44. location = /robots.txt {
  45. allow all;
  46. log_not_found off;
  47. access_log off;
  48. }
  49.  
  50. location ~ \..*/.*\.php$ {
  51. return 403;
  52. }
  53.  
  54. location ~ ^/sites/.*/private/ {
  55. return 403;
  56. }
  57.  
  58. # Block access to scripts in site files directory
  59. location ~ ^/sites/[^/]+/files/.*\.php$ {
  60. deny all;
  61. }
  62.  
  63. # Block access to "hidden" files and directories whose names begin with a
  64. # period. This includes directories used by version control systems such
  65. # as Subversion or Git to store control files.
  66. location ~ (^|/)\. {
  67. return 403;
  68. }
  69.  
  70. location / {
  71. try_files $uri /index.php?$query_string;
  72. }
  73.  
  74. location @rewrite {
  75. rewrite ^/(.*)$ /index.php?q=$1;
  76. }
  77.  
  78. # Don't allow direct access to PHP files in the vendor directory.
  79. location ~ /vendor/.*\.php$ {
  80. deny all;
  81. return 404;
  82. }
  83.  
  84.  
  85. location ~ '\.php$|^/update.php' {
  86. fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
  87. include fastcgi_params;
  88. # Block httpoxy attacks. See https://httpoxy.org/.
  89. fastcgi_param HTTP_PROXY "";
  90. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  91. fastcgi_param PATH_INFO $fastcgi_path_info;
  92. fastcgi_param QUERY_STRING $query_string;
  93. fastcgi_intercept_errors on;
  94. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
  95. }
  96.  
  97. # Fighting with Styles? This little gem is amazing.
  98. # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
  99. location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
  100. try_files $uri @rewrite;
  101. }
  102.  
  103. # Handle private files through Drupal. Private file's path can come
  104. # with a language prefix.
  105. location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
  106. try_files $uri /index.php?$query_string;
  107. }
  108.  
  109. location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
  110. try_files $uri @rewrite;
  111. expires max;
  112. log_not_found off;
  113. }
  114.  
  115. }
RAW Paste Data