server {
listen 80 ;
#listen [::]:80 ;
server_name domain.ru www.domain.ru;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.domain.ru;
return 301 $scheme://domain.ru$request_uri;
}
server {
listen 443 ssl http2 default_server;
#listen [::]:443 ssl http2 ;
server_name domain.ru;
include snippets/domain-signed.conf;
include snippets/ssl-params.conf;
root /var/www/domain.ru;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/sites/default/settings.php {
return 403;
}
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
deny all;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~* ^/.well-known/ {
allow all;
}
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ \.php(/|$) {
include snippets/fastcgi-php.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
}