nginx-site configs

git.home.popstas.ru.conf

server {
   listen 443 ssl http2;
   server_name git.home.popstas.ru;
   access_log off;
   ssl_certificate /etc/letsencrypt/live/git.home.popstas.ru/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/git.home.popstas.ru/privkey.pem;
   ssl_dhparam /etc/ssl/certs/dhparam.pem;
   location / {
     proxy_pass http://localhost:10080;
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
   }
   location ~ /.well-known {
     root /usr/share/nginx/html;
     allow all;
   }

}

popstas.ru.conf

server {
  # Redirect to main domain
  listen 443 ssl http2;
  server_name www.popstas.ru ;
  ssl_certificate /home/popstas/certs/popstas.ru.fullchain;
  ssl_certificate_key /home/popstas/certs/popstas.ru.key;
  return 301 https://popstas.ru$request_uri;
}

server {
  # Redirect to main domain
  listen 80;
  server_name popstas.ru www.popstas.ru ;
  return 301 https://popstas.ru$request_uri;
}


server {
  listen 443 ssl http2;
  server_name popstas.ru ;
  root /home/popstas/www/popstas.ru;
  index index.php index.html;

  ssl_certificate /home/popstas/certs/popstas.ru.fullchain;
  ssl_certificate_key /home/popstas/certs/popstas.ru.key;
  add_header Strict-Transport-Security "max-age=15768000"; # HSTS
  # site_nginx_engine_server
  location / {
    # site_nginx_location_static_files
    # Static files location
    location ~* ^.+\.(?:jpg|jpeg|gif|png|ico|css|less|zip|tgz|gz|rar|bz2|doc|docx|xls|xlsx|ppt|ppts|pptsx|exe|txt|tar|mid|midi|wav|bmp|rtf|js|swf|flv|woff|woff2|eot|ttf|cur|svg)$
    {
      access_log off;
      log_not_found off;
      expires 30d;
      ## No need to bleed constant updates. Send the all shebang in one
      ## fell swoop.
      tcp_nodelay off;
      ## Set the OS file cache.
      open_file_cache max=3000 inactive=120s;
      open_file_cache_valid 45s;
      open_file_cache_min_uses 2;
      open_file_cache_errors off;
      #try_files $uri /404.html @fallback;
    }

    ## PDFs and powerpoint files handling.
    location ~* ^.+\.(?:pdf|pptx?)$ {
      expires 30d;
      ## No need to bleed constant updates. Send the all shebang in one
      ## fell swoop.
      tcp_nodelay off;
    }


    # site_nginx_location_php
    # need for urls such /index.php
    location ~* ^.+\.php$ {
      proxy_pass http://apache;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      # for pass Basic auth from nginx to php-fpm for bitrix
      proxy_set_header REMOTE_USER $remote_user;
      proxy_set_header X-Forwarded-User $remote_user;
      proxy_set_header Authorization $http_authorization;


    }


    # site_nginx_custom_root_location


    try_files $uri @rewrite;
  }

  # site_nginx_location_rewrite
  location @rewrite {
    access_log /var/log/nginx/access.log combined_host;
    access_log /var/log/nginx/drupal_cache_hit.log drupal_cache_hit;

    proxy_pass http://apache;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # for pass Basic auth from nginx to php-fpm for bitrix
    proxy_set_header REMOTE_USER $remote_user;
    proxy_set_header X-Forwarded-User $remote_user;
    proxy_set_header Authorization $http_authorization;



    }
  # end of @rewrite


  # site_nginx_location_default
  location = /clientstat {
    return 200;
    access_log /var/log/nginx/clientstat.access.log combined_host;
  }

  ## see more settings for mp3, ogg, mp4, flv at https://github.com/perusio/drupal-with-nginx

  ## Replicate the Apache <FilesMatch> directive of Drupal standard
  ## .htaccess. Disable access to any code files. Return a 404 to curtail
  ## information disclosure. Hide also the text files.
  location ~* ^(?:.+\.(?:htaccess|make|txt|md|engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
    return 404;
  }

  location /\.git {
    deny all;
  }
  location /backup {
    deny all;
  }
  location /build {
    deny all;
  }
  location /logs {
    deny all;
  }
  location /patches {
    deny all;
  }
  location /tmp {
    deny all;
  }
  location /modified.txt {
    deny all;
  }

  location ~ /site_tests.json {
    return 404;
  }

  ## Disable access logs for robots.txt.
  location = /robots.txt {
    access_log off;
  }

  ## RSS feed support.
  location = /rss.xml {
    try_files $uri @rewrite;
  }

  ## XML Sitemap support.
  location = /sitemap.xml {
    try_files $uri @rewrite;
  }

  ## xmlrpc support.
  location = /xmlrpc.php {
    proxy_pass http://apache;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

  }

  ## Support for favicon. Return a 204 (No Content) if the favicon
  ## doesn't exist.
  location = /favicon.ico {
    access_log off;
    try_files /favicon.ico =204;
  }

  location = /404.html {
    internal;
  }
}