|
| 1 | +#=======================================================================# |
| 2 | +# Default Web Domain Template # |
| 3 | +# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS # |
| 4 | +#=======================================================================# |
| 5 | + |
| 6 | +server { |
| 7 | + listen %ip%:%web_ssl_port% ssl http2; |
| 8 | + server_name %domain_idn% %alias_idn%; |
| 9 | + root %docroot%; |
| 10 | + index index.php index.html index.htm; |
| 11 | + access_log /var/log/nginx/domains/%domain%.log combined; |
| 12 | + access_log /var/log/nginx/domains/%domain%.bytes bytes; |
| 13 | + error_log /var/log/nginx/domains/%domain%.error.log error; |
| 14 | + |
| 15 | + ssl_certificate %ssl_pem%; |
| 16 | + ssl_certificate_key %ssl_key%; |
| 17 | + ssl_stapling on; |
| 18 | + ssl_stapling_verify on; |
| 19 | + |
| 20 | + include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*; |
| 21 | + |
| 22 | + location = /favicon.ico { |
| 23 | + log_not_found off; |
| 24 | + access_log off; |
| 25 | + } |
| 26 | + |
| 27 | + location = /robots.txt { |
| 28 | + allow all; |
| 29 | + log_not_found off; |
| 30 | + access_log off; |
| 31 | + } |
| 32 | + |
| 33 | + location ~ /\.(?!well-known\/) { |
| 34 | + deny all; |
| 35 | + return 404; |
| 36 | + } |
| 37 | + |
| 38 | + # Force pdf files to be downloaded |
| 39 | + location ~* \.pdf$ { |
| 40 | + add_header Content-Disposition Attachment; |
| 41 | + add_header X-Content-Type-Options nosniff; |
| 42 | + } |
| 43 | + |
| 44 | + # Force files in upload directory to be downloaded |
| 45 | + location ~ ^/upload/ { |
| 46 | + add_header Content-Disposition Attachment; |
| 47 | + add_header X-Content-Type-Options nosniff; |
| 48 | + } |
| 49 | + |
| 50 | + # [REQUIRED EDIT IF MULTILANG] |
| 51 | + # rewrite ^/fr$ /fr/ redirect; |
| 52 | + # rewrite ^/fr/(.*) /$1; |
| 53 | + |
| 54 | + # Images |
| 55 | + rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last; |
| 56 | + rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last; |
| 57 | + rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last; |
| 58 | + rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last; |
| 59 | + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last; |
| 60 | + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last; |
| 61 | + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last; |
| 62 | + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last; |
| 63 | + rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last; |
| 64 | + rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last; |
| 65 | + |
| 66 | + # AlphaImageLoader for IE and fancybox |
| 67 | + rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last; |
| 68 | + |
| 69 | + # Web service API |
| 70 | + rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last; |
| 71 | + |
| 72 | + # Installation sandbox |
| 73 | + rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last; |
| 74 | + |
| 75 | + # Source code directories |
| 76 | + location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ { |
| 77 | + deny all; |
| 78 | + return 404; |
| 79 | + } |
| 80 | + |
| 81 | + # vendor in modules directory |
| 82 | + location ~ ^/modules/.*/vendor/ { |
| 83 | + deny all; |
| 84 | + return 404; |
| 85 | + } |
| 86 | + |
| 87 | + # Prevent exposing other sensitive files |
| 88 | + location ~ \.(yml|log|tpl|twig|sass)$ { |
| 89 | + deny all; |
| 90 | + return 404; |
| 91 | + } |
| 92 | + |
| 93 | + # Prevent injection of php files |
| 94 | + location /upload { |
| 95 | + location ~ \.php$ { |
| 96 | + deny all; |
| 97 | + return 404; |
| 98 | + } |
| 99 | + } |
| 100 | + location /img { |
| 101 | + location ~ \.php$ { |
| 102 | + deny all; |
| 103 | + return 404; |
| 104 | + } |
| 105 | + } |
| 106 | + |
| 107 | + location / { |
| 108 | + try_files $uri $uri/ /index.php?$args; |
| 109 | + |
| 110 | + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ { |
| 111 | + expires 30d; |
| 112 | + fastcgi_hide_header "Set-Cookie"; |
| 113 | + } |
| 114 | + |
| 115 | + location ~ [^/]\.php(/|$) { |
| 116 | + try_files $fastcgi_script_name /index.php$uri&$args =404; |
| 117 | + fastcgi_split_path_info ^(.+\.php)(/.+)$; |
| 118 | + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
| 119 | + |
| 120 | + fastcgi_pass %backend_lsnr%; |
| 121 | + fastcgi_index index.php; |
| 122 | + include /etc/nginx/fastcgi_params; |
| 123 | + } |
| 124 | + } |
| 125 | + |
| 126 | + error_page 403 /error/404.html; |
| 127 | + error_page 404 /index.php?controller=404; |
| 128 | + error_page 500 502 503 504 /error/50x.html; |
| 129 | + |
| 130 | + location /error/ { |
| 131 | + alias %home%/%user%/web/%domain%/document_errors/; |
| 132 | + } |
| 133 | + |
| 134 | + location /vstats/ { |
| 135 | + alias %home%/%user%/web/%domain%/stats/; |
| 136 | + include %home%/%user%/web/%domain%/stats/auth.conf*; |
| 137 | + } |
| 138 | + |
| 139 | + include /etc/nginx/conf.d/phpmyadmin.inc*; |
| 140 | + include /etc/nginx/conf.d/phppgadmin.inc*; |
| 141 | + include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; |
| 142 | +} |
0 commit comments