server { listen 80; server_name www.domain.name domain.name *.do

1. server {
2. listen 80;
3. server_name www.domain.name domain.name *.domain.name;
4.  
5. return 301 https://www.domain.name$request_uri;
6. }
7.  
8. server {
9. listen 443 ssl;
10. server_name domain.name;
11.  
12. ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
13. ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
14. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
15. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
16.  
17. return 301 https://www.domain.name$request_uri;
18. }
19.  
20. server {
21. listen 443 ssl;
22. server_name www.domain.name;
23.  
24. root /var/www/wordpress;
25.  
26. access_log /var/log/nginx/domain.name.access.log;
27. error_log /var/log/nginx/domain.name.error.log;
28.  
29. ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
30. ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
31. include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
32. ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
33.  
34. include global/common.conf;
35.  
36. # WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
37. location / {
38. try_files $uri $uri/ /index.php?q=$uri&$args;
39. }
40.  
41. # SECURITY : Deny all attempts to access PHP Files in the uploads directory
42. location ~* /(?:uploads|files)/.*.php$ {
43. deny all;
44. }
45. # REQUIREMENTS : Enable PHP Support
46. location ~ .php$ {
47. # SECURITY : Zero day Exploit Protection
48. try_files $uri =404;
49. # ENABLE : Enable PHP, listen fpm sock
50. fastcgi_split_path_info ^(.+.php)(/.+)$;
51. fastcgi_pass unix:/var/run/php/php7.2-fpm-www.sock;
52. fastcgi_index index.php;
53. include fastcgi_params;
54. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
55. }
56. # PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
57. rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
58. rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
59. }
60.  
61. # Global configuration file.
62. # ESSENTIAL : Configure Nginx Listening Port
63. listen 80;
64. # ESSENTIAL : Default file to serve. If the first file isn't found,
65. index index.php index.html index.htm;
66. # ESSENTIAL : no favicon logs
67. location = /favicon.ico {
68. log_not_found off;
69. access_log off;
70. }
71. # ESSENTIAL : robots.txt
72. location = /robots.txt {
73. allow all;
74. log_not_found off;
75. access_log off;
76. }
77. # ESSENTIAL : Configure 404 Pages
78. error_page 404 /404.html;
79. # ESSENTIAL : Configure 50x Pages
80. error_page 500 502 503 504 /50x.html;
81. location = /50x.html {
82. root /usr/share/nginx/www;
83. }
84. # SECURITY : Deny all attempts to access hidden files .abcde
85. location ~ /. {
86. deny all;
87. }
88. # PERFORMANCE : Set expires headers for static files and turn off logging.
89. location ~* ^.+.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
90. access_log off; log_not_found off; expires 30d;
91. }