location YNH_EXAMPLE_PATH { # Path to source alias YNH_EXAMPLE_ALIAS ; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Set max upload size client_max_body_size YNH_FILE_SIZE; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; index index.php; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { include fastcgi_params; fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php5-fpm-YNH_EXAMPLE_APP.sock; fastcgi_index index.php; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_intercept_errors on; } location ~ (uploads|thumbs){ deny all; } location ~ private { deny all; location ~* /temp/.*\.zip$ { allow all; } } location ~ core { deny all; location ~* \.js$ { allow all; } } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }