$ sudo nginx -vnginx version: nginx/1.10.3$ sudo php -vPHP 7.0.30-0+deb9u1 (

1. $ sudo nginx -v
2. nginx version: nginx/1.10.3
3.  
4. $ sudo php -v
5. PHP 7.0.30-0+deb9u1 (cli) (built: Jun 14 2018 13:50:25) ( NTS )
6. Copyright (c) 1997-2017 The PHP Group
7. Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
8. with Zend OPcache v7.0.30-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
9.  
10. server {
11. listen 80;
12. server_name example.com www.example.com;
13.  
14. error_log /var/log/nginx/error.log;
15. access_log /var/log/nginx/access.log;
16.  
17. include global/restrictions.conf;
18.  
19. # Root
20. location / {
21. root /var/www/root/html;
22. index index.php index.htm index.html index.nginx-debian.html;
23. try_files $uri $uri/ =404;
24. # pass the PHP scripts to FastCGI server
25. include global/root.conf;
26. }
27.  
28.  
29. # WordPress
30. location /blog/ {
31. root /var/www/blog/html;
32. # pass the PHP scripts to FastCGI server
33. include global/wordpress.conf;
34. }
35.  
36. # DokuWiKi
37. location /wiki/ {
38. root /var/www/wiki/html;
39. index index.php index.htm index.html;
40. try_files $uri $uri/ =404;
41. # pass the PHP scripts to FastCGI server
42. include global/wiki.conf;
43. }
44.  
45. # NextCloud
46. # location /drive/ {
47. # root /var/www/drive/html;
48. # pass the PHP scripts to FastCGI server
49. # include global/.conf;
50. # }
51.  
52. }
53.  
54. location ~ .php$ {
55. include snippets/fastcgi-php.conf;
56. fastcgi_pass unix:/var/run/php7.0-fpm.sock;
57. }
58.  
59. location ~ /.ht {
60. deny all;
61. }
62.  
63. # WordPress single site rules. Designed to be included in any
64. # server {} block.
65.  
66. # This order might seem weird - this is attempted to match last if
67. # rules below fail. http://wiki.nginx.org/HttpCoreModule
68. location /blog/ {
69. try_files $uri $uri/ /index.php?$args;
70. }
71.  
72. # Add trailing slash to */wp-admin requests.
73. rewrite /wp-admin$ $scheme://$host$uri/ permanent;
74.  
75. # Directives to send expires headers and turn off 404 error
76. # logging.
77. location ~*
78. ^.+.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$
79. {
80. access_log off; log_not_found off; expires max;
81. }
82.  
83. # Uncomment one of the lines below for the appropriate caching
84. #plugin (if used). include global/wordpress-wp-super-cache.conf;
85. #include global/wordpress-w3-total-cache.conf;
86.  
87. # Pass all .php files onto a php-fpm/php-fcgi server.
88. location ~ [^/].php(/|$) {
89. fastcgi_split_path_info ^(.+?.php)(/.*)$;
90. if (!-f $document_root$fastcgi_script_name) {
91. return 404;
92. }
93. # This is a robust solution for path info security issue and
94. # works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
95.  
96. include fastcgi_params;
97. fastcgi_index index.php;
98. fastcgi_param SCRIPT_FILENAME
99. $document_root$fastcgi_script_name;
100. # fastcgi_intercept_errors on;
101. fastcgi_pass unix:/var/run/php7.0-fpm.sock;
102. }
103.  
104.  
105. # Deny all attempts to access hidden files such as .htaccess,
106. # .htpasswd, .DS_Store (Mac). Keep logging the requests to parse
107. # later (or to pass to firewall utilities such as fail2ban)
108. location ~ /. {
109. deny all;
110. }
111.  
112. # Deny access to any files with a .php extension in the uploads
113. # directory Works in sub-directory installs and also in multisite
114. # network Keep logging the requests to parse later (or to pass to
115. # firewall utilities such as fail2ban)
116. location ~* /(?:uploads|files)/.*.php$ {
117. deny all;
118. }