#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { # Path to source alias __FINALPATH__/ ; # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } index index.php; client_max_body_size 30M; try_files $uri $uri/ index.php; if (!-e $request_filename) { rewrite ^/([^/]*)/robots\.txt$ __PATH__/spip.php?page=robots.txt last; rewrite ^/([^/]*)/sitemap\.xml$ __PATH__/spip.php?page=sitemap.xml last; rewrite ^(.+)$ __PATH__/index.php?q=$1 last; } # Add headers to serve security related headers more_set_header Strict-Transport-Security "max-age=15768000;"; more_set_header X-Content-Type-Options nosniff; more_set_header X-Frame-Options "SAMEORIGIN"; more_set_header X-XSS-Protection "1; mode=block"; more_set_header X-Robots-Tag none; more_set_header X-Download-Options noopen; more_set_header X-Permitted-Cross-Domain-Policies none; location ~^/(tmp|config|\.ht)/{ deny all; } location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ { # Le contenu statique, est signalé au navigateur comme étant # à garder en cache une semaine. Si il y a un proxy sur la # route, celui-ci est autorisé à faire une copie et à la # cacher. rewrite ^/([^/]*)/favicon\.ico$ __PATH__/spip.php?page=favicon.ico last; expires 1w; more_set_header Cache-Control public; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; set $ecrire 0; if ($uri ~ ^/ecrire.*) { set $ecrire 1; } } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; }