Skip to content

Instantly share code, notes, and snippets.

@cyberlex404

cyberlex404/drupal-8--nginx.conf

Last active November 22, 2020 09:06
Show Gist options
  • Save cyberlex404/c465a99ab99ab2b2dabc35eea4611424 to your computer and use it in GitHub Desktop.
Save cyberlex404/c465a99ab99ab2b2dabc35eea4611424 to your computer and use it in GitHub Desktop.
Download ZIP
example ISP manager DRUPAL 8 nginx config
Raw
drupal-8--nginx.conf
server {
server_name svkote.cyberlex404.com www.svkote.cyberlex404.com;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/svkote.cyberlex404.com/*.conf;
access_log /var/www/httpd-logs/svkote.cyberlex404.com.access.log;
error_log /var/www/httpd-logs/svkote.cyberlex404.com.error.log notice;
ssi on;
return 301 https://$host:443$request_uri;
set $root_path /var/www/www-root/data/www/svkote.cyberlex404.com;
root $root_path;
listen 176.112.192.91:80;
location / {
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @php;
}
}
location @php {
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
fastcgi_pass unix:/var/www/php-fpm/www-root.sock;
fastcgi_split_path_info ^((?U).+\.ph(?:p\d*|tml))(/?.+)$;
try_files $uri =404;
include fastcgi_params;
}
}
server {
server_name svkote.cyberlex404.com www.svkote.cyberlex404.com;
ssl on;
ssl_certificate "/var/www/httpd-cert/www-root/svkote.cyberlex404.com.crt";
ssl_certificate_key "/var/www/httpd-cert/www-root/svkote.cyberlex404.com.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000;";
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
charset off;
index index.php index.html;
disable_symlinks if_not_owner from=$root_path;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/svkote.cyberlex404.com/*.conf;
access_log /var/www/httpd-logs/svkote.cyberlex404.com.access.log;
error_log /var/www/httpd-logs/svkote.cyberlex404.com.error.log notice;
ssi on;
set $root_path /var/www/www-root/data/www/svkote.cyberlex404.com;
root $root_path;
listen 176.112.192.91:443;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ (^|/)\. {
return 403;
}
location / {
# try_files $uri @rewrite; # For Drupal <= 6
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f [email protected]";
fastcgi_pass unix:/var/www/php-fpm/www-root.sock;
# Block httpoxy attacks. See https://httpoxy.org/.
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
}
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal. Private file's path can come
# with a language prefix.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment