location __PATH__ { alias __FINALPATH__/; # Force https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; } client_max_body_size 20m; client_body_buffer_size 128k; # Default indexes and catch-all index index.php; charset utf-8; # Example PHP configuration location ~* \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } # make sure webfinger and other well known services aren't blocked # by denying dot files and rewrite request to the front controller location ^~ /.well-known/ { allow all; if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; } } # statically serve these file types when possible # otherwise fall back to front controller # allow browser to cache them # added .htm for advanced source code editor library # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ { # expires 30d; # try_files $uri /index.php?q=$uri&$args; # } # block these file types location ~* \.(tpl|md|tgz|log|out)$ { deny all; } # deny access to all dot files location ~ /\. { deny all; } #deny access to store location ~ /store { deny all; } #deny access to util location ~ /util { deny all; } }