blackice2999 · January 13, 2016 08:29
diff --git a/drupal78.nginx.conf b/drupal78.nginx.conf
 server {
        listen 80;
        root /var/www/web;

        # Enable compression
        gzip_static on;

        # Upload max size
        client_max_body_size 10m;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        # Block access to "hidden" files and directories.
        location ~ (^|/)\. {
                return 403;
        }

        #
        # THIS PART IS OFTEN FORGOTTEN
        #

        # Drupal: Very rarely should these ever be accessed outside of your lan
        location ~* \.(engine|inc|install|make|module|profile|po|sh|sql|theme|twig|tpl(\.php)|xtmpl|yml|txt|log|po)$ {
                deny all;
        }

        location ~ ^(Entries.*|Repository|Root|Tag|Template) {
                deny all;
        }

        # Drupal: protect some directory
        location ~ (files) {
                location ~ $1/(translations|php|config(.*)) {
                    deny all;
                }
        }

        # Block access to php files outside
        location ~ \..*/.*\.php$ {
                return 403;
        }


        # @rewrite location > index.php
        location @rewrite {
                rewrite ^ /index.php;
        }

        #
        #
        #

        location / {
                # This is cool because no php is touched for static content
                try_files $uri @rewrite;
        }

        # Drupal generates image styled images on first access but webserver will return
        # 404 if not existing. This rule ensures that access to image style that not exist will be
        # redirected to Drupal (index.php) so the files can be generated.
        #
        location ~ ^/files/styles/ {
                try_files $uri @rewrite;
        }

        location ~ ^/sites/.*/files/styles/ {
                try_files $uri @rewrite;
        }

        #
        # Optional: Set caching header for some static file to maximum
        #
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_intercept_errors on;
                fastcgi_pass 127.0.0.1:9000;
        }
 }
	server {
	listen 80;
	root /var/www/web;

	# Enable compression
	gzip_static on;

	# Upload max size
	client_max_body_size 10m;

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Block access to "hidden" files and directories.
	location ~ (^\|/)\. {
	return 403;
	}

	#
	# THIS PART IS OFTEN FORGOTTEN
	#

	# Drupal: Very rarely should these ever be accessed outside of your lan
	location ~* \.(engine\|inc\|install\|make\|module\|profile\|po\|sh\|sql\|theme\|twig\|tpl(\.php)\|xtmpl\|yml\|txt\|log\|po)$ {
	deny all;
	}

	location ~ ^(Entries.*\|Repository\|Root\|Tag\|Template) {
	deny all;
	}

	# Drupal: protect some directory
	location ~ (files) {
	location ~ $1/(translations\|php\|config(.*)) {
	deny all;
	}
	}

	# Block access to php files outside
	location ~ \../.\.php$ {
	return 403;
	}


	# @rewrite location > index.php
	location @rewrite {
	rewrite ^ /index.php;
	}

	#
	#
	#

	location / {
	# This is cool because no php is touched for static content
	try_files $uri @rewrite;
	}

	# Drupal generates image styled images on first access but webserver will return
	# 404 if not existing. This rule ensures that access to image style that not exist will be
	# redirected to Drupal (index.php) so the files can be generated.
	#
	location ~ ^/files/styles/ {
	try_files $uri @rewrite;
	}

	location ~ ^/sites/.*/files/styles/ {
	try_files $uri @rewrite;
	}

	#
	# Optional: Set caching header for some static file to maximum
	#
	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires max;
	log_not_found off;
	}

	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $request_filename;
	fastcgi_intercept_errors on;
	fastcgi_pass 127.0.0.1:9000;
	}
	}