#config-v1 server { listen 80 default_server; listen 443 ssl; root /app/www/public; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; client_max_body_size 0; location / { try_files $uri $uri/ /index.php?$query_string; } location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } # deny running scripts inside core system folders location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside user folder location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny access to specific files in the root folder location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } # location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { # expires 30d; # add_header Vary Accept-Encoding; # log_not_found off; # } # location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$ { # access_log off; # expires 30d; # add_header Cache-Control public; # ## No need to bleed constant updates. Send the all shebang in one # ## fell swoop. # tcp_nodelay off; # ## Set the OS file cache. # open_file_cache max=3000 inactive=120s; # open_file_cache_valid 45s; # open_file_cache_min_uses 2; # open_file_cache_errors off; # } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } }