drupal.nginxconf 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
  1. # https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
  2. server {
  3. listen [::]:80;
  4. server_name DOMAIN.LTD;
  5. root /var/www/DOMAIN.LTD/app/web;
  6. charset utf-8;
  7. location = /favicon.ico {
  8. access_log off;
  9. log_not_found off;
  10. }
  11. location = /robots.txt {
  12. allow all;
  13. access_log off;
  14. log_not_found off;
  15. }
  16. location ~ \..*/.*\.php$ {
  17. return 403;
  18. }
  19. location ~ ^/sites/.*/private/ {
  20. return 403;
  21. }
  22. # Block access to scripts in site files directory
  23. location ~ ^/sites/[^/]+/files/.*\.php$ {
  24. deny all;
  25. }
  26. # Allow "Well-Known URIs" as per RFC 5785
  27. location ~* ^/.well-known/ {
  28. allow all;
  29. }
  30. # Block access to "hidden" files and directories whose names begin with a
  31. # period. This includes directories used by version control systems such
  32. # as Subversion or Git to store control files.
  33. location ~ (^|/)\. {
  34. return 403;
  35. }
  36. location / {
  37. # try_files $uri @rewrite; # For Drupal <= 6
  38. try_files $uri /index.php?$query_string; # For Drupal >= 7
  39. }
  40. location @rewrite {
  41. rewrite ^/(.*)$ /index.php?q=$1;
  42. }
  43. # Don't allow direct access to PHP files in the vendor directory.
  44. location ~ /vendor/.*\.php$ {
  45. deny all;
  46. return 404;
  47. }
  48. location ~ /\.ht {
  49. deny all;
  50. }
  51. access_log on;
  52. error_log /var/www/DOMAIN.LTD/log/error.log;
  53. sendfile off;
  54. client_max_body_size 100m;
  55. # In Drupal 8, we must also match new paths where the '.php' appears in
  56. # the middle, such as update.php/selection. The rule we use is strict,
  57. # and only allows this pattern with the update.php front controller.
  58. # This allows legacy path aliases in the form of
  59. # blog/index.php/legacy-path to continue to route to Drupal nodes. If
  60. # you do not have any paths like that, then you might prefer to use a
  61. # laxer rule, such as:
  62. # location ~ \.php(/|$) {
  63. # The laxer rule will continue to work if Drupal uses this new URL
  64. # pattern with front controllers other than update.php in a future
  65. # release.
  66. location ~ '\.php$|^/update.php' {
  67. # fastcgi_split_path_info ^(.+\.php)(/.+)$;
  68. fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
  69. include fastcgi.conf;
  70. # Block httpoxy attacks. See https://httpoxy.org/.
  71. fastcgi_param HTTP_PROXY "";
  72. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  73. fastcgi_param PATH_INFO $fastcgi_path_info;
  74. fastcgi_param QUERY_STRING $query_string;
  75. fastcgi_intercept_errors on;
  76. # fastcgi_buffer_size 16k;
  77. # fastcgi_buffers 4 16k;
  78. fastcgi_pass 127.0.0.1:9000;
  79. }
  80. # Fighting with Styles? This little gem is amazing.
  81. # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
  82. location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
  83. try_files $uri @rewrite;
  84. }
  85. # Handle private files through Drupal. Private file's path can come
  86. # with a language prefix.
  87. location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
  88. try_files $uri /index.php?$query_string;
  89. }
  90. location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
  91. try_files $uri @rewrite;
  92. expires max;
  93. log_not_found off;
  94. }
  95. # website should not be displayed inside a <frame>, an <iframe> or an <object>
  96. add_header X-Frame-Options SAMEORIGIN;
  97. }