root __FINALPATH__/ ; location __PATH__ { # Force https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; } } # Example PHP configuration location ~* \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; client_max_body_size 20m; client_body_buffer_size 128k; } # make sure webfinger and other well known services aren't blocked # by denying dot files and rewrite request to the front controller location ^~ /.well-known/ { allow all; if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; } } # statically serve these file types when possible # otherwise fall back to front controller # allow browser to cache them # added .htm for advanced source code editor library #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ { # expires 30d; # try_files $uri /index.php?q=$uri&$args; # } # block these file types location ~* \.(tpl|md|tgz|log|out)$ { deny all; } # deny access to all dot files location ~ /\. { deny all; } #deny access to store location ~ /store { deny all; }