#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location ^~ __PATH__/ { # Path to source alias __FINALPATH__/public/ ; location __PATH__/ { rewrite ^ __PATH__/index.php; } # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } # Add headers to serve security related headers more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; more_set_headers "X-Robots-Tag: none"; more_set_headers "X-Download-Options: noopen"; more_set_headers "X-Permitted-Cross-Domain-Policies: none"; more_set_headers "Referrer-Policy: no-referrer"; #index index.php; location ~ ^__PATH__/index\.php(/.*|)$ { fastcgi_split_path_info ^(.+?\.php)(/.*|)$; set $path_info $fastcgi_path_info; fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } # Adding the cache control header for js and css files location ~ \.(?:css|js|woff2?|svg|gif)$ { try_files $uri __PATH__/index.php$request_uri; more_set_headers "Cache-Control: public, max-age=15778463"; # Add headers to serve security related headers more_set_headers "Strict-Transport-Security: max-age=15768000"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; more_set_headers "X-Robots-Tag: none"; more_set_headers "X-Download-Options: noopen"; more_set_headers "X-Permitted-Cross-Domain-Policies: none"; more_set_headers "Referrer-Policy: no-referrer"; # Optional: Don't log access to assets access_log off; } location ~* \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri __FINALPATH__/index.php$request_uri; # Optional: Don't log access to other assets access_log off; } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }