#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location ^~ __PATH__/ { # Path to source alias __INSTALL_DIR__/; more_set_headers "Referrer-Policy: origin always"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 50M; try_files $uri $uri/ =404; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } ## deny access to all other .php files location ~* ^.+\.php$ { deny all; return 403; } ## disable all access to the following directories location ^~ __PATH__/config/ { deny all; return 403; } location ^~ __PATH__/tmp/ { deny all; return 403; } location ^~ __PATH__/core/ { deny all; return 403; } location ^~ __PATH__/lang/ { deny all; return 403; } location ~ __PATH__/\.ht { deny all; return 403; } location ~ js/container_.*_preview\.js$ { expires off; more_set_headers "Cache-Control: private, no-cache, no-store"; } location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ { allow all; ## Cache images,CSS,JS and webfonts for an hour ## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade expires 1h; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public"; } location ~ ^__PATH__/(libs|vendor|plugins|misc|node_modules) { deny all; return 403; } ## properly display textfiles in root directory location ~__PATH__/(.*\.md|LEGALNOTICE|LICENSE) { default_type text/plain; } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }