server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.php; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location /phpmyadmin { root /usr/share/webapps/; auth_basic "Admin Login"; auth_basic_user_file passwds; # Deny static files location ~ ^/phpMyAdmin/(README|LICENSE|ChangeLog|DCO)$ { deny all; } # Deny .md files location ~ ^/phpMyAdmin/(.+\.md)$ { deny all; } # Deny setup directories location ~ ^/phpMyAdmin/(doc|sql|setup)/ { deny all; } location ~ ^/phpmyadmin/(.+\.php)$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; try_files $uri $document_root$fastcgi_script_name =404; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTP_PROXY ""; fastcgi_param HTTPS off; fastcgi_request_buffering off; } location ~ ^/phpmyadmin/(.*\.(eot|otf|woff|ttf|css|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|xls|tar|bmp))$ { root /usr/share/webapps/; expires 30d; log_not_found off; access_log off; } } # pass PHP scripts to FastCGI server location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one location ~ /\.ht { deny all; } ## Images and static content is treated different location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ { access_log off; expires max; } location ~ /(libraries|setup/frames|setup/libs) { deny all; return 404; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; # allow CURRENT-SERVER-IP; deny all; } # website should not be displayed inside a , an