Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
161 lines (132 sloc) 5.79 KB
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/SOMEDOMAIN.com/before/*;
# Bots to ban via user agent
map $http_user_agent $limit_bots {
default 0;
~*(AhrefsBot|Baiduspider|PaperLiBot) 1;
}
server {
# Listen for both IPv4 & IPv6 requests on port 443 with http2 enabled
listen 443 ssl http2;
listen [::]:443 ssl http2;
# General virtual host settings
server_name SOMEDOMAIN.com;
root /home/forge/SOMEDOMAIN.com/public;
index index.html index.htm index.php;
charset utf-8;
# Enable server-side includes as per: http://nginx.org/en/docs/http/ngx_http_ssi_module.html
ssi on;
# Disable limits on the maximum allowed size of the client request body
client_max_body_size 0;
# Ban certain bots from crawling the site
if ($limit_bots = 1) {
return 403;
}
# 404 error handler
error_page 404 /index.php?$query_string;
# 301 Redirect URLs with trailing /'s as per https://webmasters.googleblog.com/2010/04/to-slash-or-not-to-slash.html
rewrite ^/(.*)/$ /$1 permanent;
# Change // -> / for all URLs, so it works for our php location block, too
merge_slashes off;
rewrite (.*)//+(.*) $1/$2 permanent;
# Handle Do Not Track as per https://www.eff.org/dnt-policy
location /.well-known/dnt-policy.txt {
try_files /dnt-policy.txt /index.php?p=/dnt-policy.txt;
}
# For WordPress bots/users
location ~ ^/(wp-login|wp-admin|wp-config|wp-content|wp-includes|(.*)\.exe) {
return 301 https://wordpress.com/wp-login.php;
}
# Access and error logging
access_log off;
error_log /var/log/nginx/SOMEDOMAIN.com-error.log error;
# If you want error logging to go to SYSLOG (for services like Papertrailapp.com), uncomment the following:
#error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx,severity=error;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_certificate /etc/nginx/ssl/SOMEDOMAIN.com/XXXXXX/server.crt;
ssl_certificate_key /etc/nginx/ssl/SOMEDOMAIN.com/XXXXXX/server.key;
# SSL/TLS configuration, with TLSv1.0 disabled because it is insecure; note that IE 8, 9 & 10 support
# TLSv1.1, but it's not enabled by default clients using those browsers will not be able to connect
ssl_protocols TLSv1.2 TLSv1.1;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
ssl_buffer_size 4k;
ssl_session_timeout 4h;
ssl_session_cache shared:SSL:40m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/lets-encrypt-x3-cross-signed.pem;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/SOMEDOMAIN.com/server/*;
# Load configuration files from nginx-partials
include /etc/nginx/nginx-partials/*.conf;
# Root directory location handler
location / {
try_files $uri/index.html $uri $uri/ /index.php?$query_string;
}
# Localized sites, hat tip to Johannes -- https://gist.github.com/johanneslamers/f6d2bc0d7435dca130fc
# If you are creating a localized site as per: https://craftcms.com/docs/localization-guide
# the directives here will help you handle the locale redirection so that requests will
# be routed through the appropriate index.php wherein you set the `CRAFT_LOCALE`
# Enable this by un-commenting it, and changing the language codes as appropriate
# Add a new location @XXrewrites and location /XX/ block for each language that
# you need to support
#location @enrewrites {
# rewrite ^/en/(.*)$ /en/index.php?p=$1? last;
#}
#
#location /en/ {
# try_files $uri $uri/ @enrewrites;
#}
# Craft-specific location handlers to ensure AdminCP requests route through index.php
# If you change your `cpTrigger`, change it here as well
location ^~ /admin {
try_files $uri $uri/ /index.php?$query_string;
}
location ^~ /cpresources {
try_files $uri $uri/ /index.php?$query_string;
}
# php-fpm configuration
location ~ [^/]\.php(/|$) {
try_files $uri $uri/ /index.php?$query_string;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Change this to whatever version of php you are using
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTP_PROXY "";
fastcgi_param HTTP_HOST SOMEDOMAIN.com;
# Don't allow browser caching of dynamically generated content
add_header Last-Modified $date_gmt;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
if_modified_since off;
expires off;
etag off;
# See https://github.com/nystudio107/craft-multi-environment or https://github.com/nystudio107/craft3-multi-environment
# Remove if you don't plan to use server-set ENV variables
fastcgi_param CRAFTENV_CRAFT_ENVIRONMENT "REPLACE_ME";
fastcgi_param CRAFTENV_DB_HOST "REPLACE_ME";
fastcgi_param CRAFTENV_DB_NAME "REPLACE_ME";
fastcgi_param CRAFTENV_DB_USER "REPLACE_ME";
fastcgi_param CRAFTENV_DB_PASS "REPLACE_ME";
fastcgi_param CRAFTENV_SITE_URL "REPLACE_ME";
fastcgi_param CRAFTENV_BASE_URL "REPLACE_ME";
fastcgi_param CRAFTENV_BASE_PATH "REPLACE_ME";
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
}
location ~ /\.ht {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/SOMEDOMAIN.com/after/*;