configure nginx rev1

1. # Redirect HTTP -> HTTPS
2. server {
3. listen 9000;
4. server_name www.pindurian.com pindurian.com;
5.  
6. include snippets/letsencrypt.conf;
7. return 301 https://pindurian.com$request_uri;
8. }
9.  
10. # Redirect WWW -> NON WWW
11. server {
12. listen 443 ssl http2;
13. server_name www.pindurian.com;
14.  
15. ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
16. ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
17. ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
18. include snippets/ssl.conf;
19.  
20. return 301 https://pindurian.com$request_uri;
21. }
22.  
23. server {
24. listen 443 ssl http2;
25. server_name pindurian.com;
26.  
27. root /var/www/pindurian/web;
28.  
29. # SSL parameters
30. ssl_certificate /etc/letsencrypt/live/pindurian.com/fullchain.pem;
31. ssl_certificate_key /etc/letsencrypt/live/pindurian.com/privkey.pem;
32. ssl_trusted_certificate /etc/letsencrypt/live/pindurian.com/chain.pem;
33. include snippets/ssl.conf;
34.  
35. # log files
36. access_log /var/log/nginx/pindurian.com.access.log;
37. error_log /var/log/nginx/pindurian.com.error.log;
38.  
39. location = /favicon.ico {
40. log_not_found off;
41. access_log off;
42. }
43.  
44. location = /robots.txt {
45. allow all;
46. log_not_found off;
47. access_log off;
48. }
49.  
50. location ~ \..*/.*\.php$ {
51. return 403;
52. }
53.  
54. location ~ ^/sites/.*/private/ {
55. return 403;
56. }
57.  
58. # Block access to scripts in site files directory
59. location ~ ^/sites/[^/]+/files/.*\.php$ {
60. deny all;
61. }
62.  
63. # Block access to "hidden" files and directories whose names begin with a
64. # period. This includes directories used by version control systems such
65. # as Subversion or Git to store control files.
66. location ~ (^|/)\. {
67. return 403;
68. }
69.  
70. location / {
71. try_files $uri /index.php?$query_string;
72. }
73.  
74. location @rewrite {
75. rewrite ^/(.*)$ /index.php?q=$1;
76. }
77.  
78. # Don't allow direct access to PHP files in the vendor directory.
79. location ~ /vendor/.*\.php$ {
80. deny all;
81. return 404;
82. }
83.  
84.  
85. location ~ '\.php$|^/update.php' {
86. fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
87. include fastcgi_params;
88. # Block httpoxy attacks. See https://httpoxy.org/.
89. fastcgi_param HTTP_PROXY "";
90. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
91. fastcgi_param PATH_INFO $fastcgi_path_info;
92. fastcgi_param QUERY_STRING $query_string;
93. fastcgi_intercept_errors on;
94. fastcgi_pass unix:/run/php/php7.2-fpm.sock;
95. }
96.  
97. # Fighting with Styles? This little gem is amazing.
98. # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
99. location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
100. try_files $uri @rewrite;
101. }
102.  
103. # Handle private files through Drupal. Private file's path can come
104. # with a language prefix.
105. location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
106. try_files $uri /index.php?$query_string;
107. }
108.  
109. location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
110. try_files $uri @rewrite;
111. expires max;
112. log_not_found off;
113. }
114.  
115. }