# content server { listen 80; server_name www.; access_log /var/log/nginx/domlogs/.log; # location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|wp-config\.php|vendor) { deny all; return 403; } # ##### /phmyadmin on ##### location /phpmyadmin { proxy_pass http://localhost:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host; } ##### /phmyadmin off ##### root /home//; location / { real_ip_header X-Forwarded-For; set_real_ip_from 172.17.0.1; try_files $uri $uri/ /index.php$is_args$args; index index.php index.html; autoindex on; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/-fpm.sock; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } } server { listen 443 ssl http2; server_name www.; access_log /var/log/nginx/domlogs/.log; ##### /phmyadmin on ##### location /phpmyadmin { proxy_pass http://localhost:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host; } ##### /phmyadmin off ##### root /home//; # SSL Configuration ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; location / { real_ip_header X-Forwarded-For; set_real_ip_from 172.17.0.1; try_files $uri $uri/ /index.php$is_args$args; index index.php index.html; autoindex on; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/-fpm.sock; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Allow access to .well-known for Certbot location ^~ /.well-known { default_type "text/plain"; root /home///; } }