user www-data www-data; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { charset utf-8; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 15s; types_hash_max_size 2048; server_tokens off; client_max_body_size 10M; client_body_timeout 60; # server_names_hash_bucket_size 64; server_name_in_redirect off; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; include /etc/nginx/conf.d/*.conf; server { listen 80 default; listen [::]:80 default; server_name {{ item.url }} www.{{ item.url }}; root /var/www/html; index index.php; # Restrictions location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ /\. { deny all; } location = /_.gif { expires max; empty_gif; } location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires max; log_not_found off; } location ~* /(?:uploads|files)/.*\.php$ { deny all; } # XMLRPC is a great way to bruteforce passwords location = /xmlrpc.php { deny all; } location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { # regex to split $uri to $fastcgi_script_name and $fastcgi_path fastcgi_split_path_info ^(.+\.php)(/.+)$; # Check that the PHP script exists before passing it # Breaks site... # try_files $fastcgi_script_name =404; # Block httpoxy attacks. See https://httpoxy.org/ : fastcgi_param HTTP_PROXY ""; # Bypass the fact that try_files resets $fastcgi_path_info # see: http://trac.nginx.org/nginx/ticket/321 set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info; # Do not diplay errors: # fastcgi_intercept_errors on; fastcgi_index index.php; include fastcgi_params; fastcgi_pass site:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } }