#=======================================================================## Def

1. #=======================================================================#
2. # Default Web Domain Template                                           #
3. # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
4. #=======================================================================#
5.  
6. server {
7.     listen      %ip%:%web_ssl_port% ssl http2;
8.     server_name %domain_idn% %alias_idn%;
9.     root        %sdocroot%;
10.     index       index.php index.html index.htm;
11.     access_log  /var/log/nginx/domains/%domain%.log combined;
12.     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
13.     error_log   /var/log/nginx/domains/%domain%.error.log error;
14.  
15.     ssl_certificate      %ssl_pem%;
16.     ssl_certificate_key  %ssl_key%;
17.     ssl_stapling on;
18.     ssl_stapling_verify on;
19.  
20.     include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
21.  
22.  
23.     # redirect some entire folders
24.     rewrite ^/(vendor|translations|build)/.* /index.php break;
25.  
26.     location / {
27.  
28.         include     %home%/%user%/conf/web/nginx.%domain%.rules.conf*;
29.  
30.         # First attempt to serve request as file, then
31.         # as directory, then fall back to index.html
32.         # one option: try_files $uri $uri/ /index.php$is_args$args;
33.         try_files $uri /index.php$is_args$args;
34.         # Uncomment to enable naxsi on this location
35.         # include /etc/nginx/naxsi.rules
36.  
37.         location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
38.             expires     max;
39.         }
40.  
41.     }
42.  
43.   # Deny everything else in /app folder except Assets folder in bundles
44.     location ~ /app/bundles/.*/Assets/ {
45.         allow all;
46.         access_log off;
47.     }
48.     location ~ /app/ { deny all; }
49.  
50.     # Deny everything else in /addons or /plugins folder except Assets folder in bundles
51.     location ~ /(addons|plugins)/.*/Assets/ {
52.         allow all;
53.         access_log off;
54.     }
55.     # location ~ /(addons|plugins)/ { deny all; }
56.  
57.     # Deny all php files in themes folder
58.     location ~* ^/themes/(.*)\.php {
59.         deny all;
60.     }
61.  
62.     location ~ [^/]\.php(/|$) {
63.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
64.         fastcgi_pass    %backend_lsnr%;
65.         fastcgi_index   index.php;
66.         include         /etc/nginx/fastcgi_params;
67.         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
68.         include fastcgi_params;
69.         fastcgi_split_path_info ^(.+.php)(/.+)$;
70.  
71.  
72.     }
73.  
74. #    location / {
75. #
76. #        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
77. #            expires     max;
78. #            fastcgi_hide_header "Set-Cookie";
79. #        }
80. #
81. #        location ~ [^/]\.php(/|$) {
82. #            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
83. #            if (!-f $document_root$fastcgi_script_name) {
84. #                return  404;
85. #            }
86. #
87. #            fastcgi_pass    %backend_lsnr%;
88. #            fastcgi_index   index.php;
89. #            include         /etc/nginx/fastcgi_params;
90. #        }
91. #    }
92.  
93.     location /error/ {
94.         alias   %home%/%user%/web/%domain%/document_errors/;
95.     }
96.  
97.     location ~* "/\.(htaccess|htpasswd)$" {
98.         deny    all;
99.         return  404;
100.     }
101.  
102.     location /vstats/ {
103.         alias   %home%/%user%/web/%domain%/stats/;
104.         include %home%/%user%/web/%domain%/stats/auth.conf*;
105.     }
106.  
107.     include     /etc/nginx/conf.d/phpmyadmin.inc*;
108.     include     /etc/nginx/conf.d/phppgadmin.inc*;
109.     include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
110. }
111.