server { listen %ip%:%web_port%; server_name %domain_idn% %alias_idn%; root %docroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; location / { try_files $uri $uri/ /index.php?_url=$uri&$query_string; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass %backend_lsnr%; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } } ## Begin - Security # deny all direct access for these folders location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } # deny running scripts inside core system folders location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside user folder location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny access to specific files in the root folder location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } ## End - Security location /vstats/ { alias %home%/%user%/web/%domain%/stats/; include %home%/%user%/web/%domain%/stats/auth.conf*; } include /etc/nginx/conf.d/phpmyadmin.inc*; include /etc/nginx/conf.d/phppgadmin.inc*; include /etc/nginx/conf.d/webmail.inc*; include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; }