# NGINX
# FILE: /usr/local/etc/nginx/conf.d/drupal.conf


# Deny access to files the public does not need
location ~* ^.+(\.(txt|log|engine|inc|info|install|make|module|profile|test|po|sh|sql|theme|tpl(\.php)?|xtmpl))$ {
    internal;
}

# Deny access to other PHP files
location ~ \..*/.*\.php {
    internal;
}

# Deny access to private and backups
location ~* ^/sites/.*/(private|files/backup_migrate)/ {
    access_log off;
    return 404;
}

# Attempt to serve the request by trying direct file, directory, Drupal Controller
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# Check: http://wiki.nginx.org/Pitfalls
location ~* (install|update|apc|info)\.php$ {
    # Uncomment to protect these files
    #auth_basic "Restricted";
    #auth_basic_user_file .htpasswd;

    # filter out problem conditions
    location ~ \..*/.*\.php$ { return 404; }

    # bring in parameters
    include conf.d/fastcgi.conf;

    # send to upstream
    fastcgi_pass phpfpm;
}

# D7 location for image cache
location ~* files/styles {
    access_log off;
    log_not_found off;
    expires max;
    try_files $uri @image_rewrite;
}

# D6 location for image cache
location @image_rewrite {
    rewrite ^/(.*)$ /index.php?q=$1;
}

# Pass PHP scripts to PHP-FPM daemon
# Check: http://wiki.nginx.org/Pitfalls
location ~* \.php$ {
    # filter out problem conditions
    location ~ \..*/.*\.php$ { return 404; }

    # bring in parameters
    include conf.d/fastcgi.conf;

    # send requests to upstream
    fastcgi_pass phpfpm;
}