#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { # Path to source alias __FINALPATH__/__NAME__/ ; index index.php; if (!-e $request_filename) { rewrite ^__PATH__/(.+)$ __PATH__/index.php?q=$1 last; } # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file #client_max_body_size 50M; try_files $uri $uri/ index.php; location ~ /favicon.ico { log_not_found off; access_log off; } location ~ /robots.txt { allow all; log_not_found off; access_log off; } # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; } # Allow "Well-Known URIs" as per RFC 5785 location ~* ^/.well-known/ { allow all; } # Block access to "hidden" files and directories whose names begin with a # period. This includes directories used by version control systems such # as Subversion or Git to store control files. location ~ (^|/)\. { return 403; } # Don't allow direct access to PHP files in the vendor directory. location ~ /vendor/.*\.php$ { deny all; return 404; } location ~ '[^/]\.php$|^/update.php' { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php7.2-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } # Fighting with Styles? This little gem is amazing. location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } # Handle private files through Drupal. Private file's path can come # with a language prefix. location ~ ^(/[a-z\-]+)?/system/files/ { try_files $uri /index.php?$query_string; } location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { try_files $uri @rewrite; expires max; log_not_found off; } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; }