# content server { listen 80; server_name www.; access_log /var/log/nginx/domlogs/.log; # location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|wp-config\.php|vendor) { deny all; return 403; } # root /home//; location / { real_ip_header X-Forwarded-For; set_real_ip_from 172.17.0.1; try_files $uri $uri/ /index.php$is_args$args /default_page.html =404; index index.php index.html default_page.html; autoindex on; } location = /default_page.html { alias /etc/nginx/default_page.html; default_type text/html; access_log off; log_not_found off; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/-fpm.sock; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } } server { listen 443 ssl http2; server_name www.; access_log /var/log/nginx/domlogs/.log; root /home//; # SSL configuration ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; # Proxy HTTPS traffic to Varnish on port 80 location / { proxy_pass http://127.0.0.1:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } location = /default_page.html { alias /etc/nginx/default_page.html; default_type text/html; access_log off; log_not_found off; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/-fpm.sock; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Allow access to .well-known for Certbot location ^~ /.well-known { default_type "text/plain"; root /home///; } }