server { listen {{ data.sites[_site].ipv4 !== '*' ? data.sites[_site].ipv4 + ':' : '' }}80; listen [{{ data.sites[_site].ipv6 }}]:80; listen {{ data.sites[_site].ipv4 !== '*' ? data.sites[_site].ipv4 + ':' : '' }}443 ssl{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.sites[_site].ipv6 }}]:443 ssl{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? 'www.' : '' }}{{ _domain }}; set $base {{ getPath(_site) }}; root $base{{ data.sites[_site].document_root }}; root {{ getPath(_site) }}{{ data.sites[_site].document_root }}; # SSL ssl_certificate {{ getSslCertificate(_site) }}; ssl_certificate_key {{ getSslCertificateKey(_site) }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ _domain }}/chain.pem; # HSTS add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains(_site) ? '; includeSubDomains' : '' }}{{ isHSTSPreload(_site) ? '; preload' : '' }}" always; # logging access_log {{ getAccessLogDomainPath(_site) }}; error_log {{ getErrorLogDomainPath(_site) }}; # index.php index index.php; # {{ isFallbackHTML(_site) ? 'index.html' : ( isFallbackPHP(_site) ? 'index.php' : '' ) }} fallback location / { try_files $uri $uri/ {{ isFallbackHTML(_site) ? '/index.html' : ( isFallbackPHP(_site) ? '/index.php?$query_string' : '' ) }}; } # index.php fallback location ~ ^{{ data.sites[_site].fallback_php_path }} { try_files $uri $uri/ /index.php?$query_string; } # Python location / { include nginxconfig.io/python_uwsgi.conf;

} # Django media location /media/ { alias $base/media/; } # Django static location /static/ { alias $base/static/; } # reverse proxy location {{ data.sites[_site].proxy_path }} { proxy_pass {{ data.sites[_site].proxy_pass }}; include nginxconfig.io/proxy.conf;

} # handle .php location ~ {{ isLegacyPHPRouting(_site) ? '[^/]\\.php(/|$)' : '\\.php$' }} { include nginxconfig.io/php_fastcgi.conf;

} include nginxconfig.io/general.conf; include nginxconfig.io/wordpress.conf; include nginxconfig.io/drupal.conf; include nginxconfig.io/magento.conf;

} # CDN server { listen {{ data.sites[_site].ipv4 !== '*' ? data.sites[_site].ipv4 + ':' : '' }}{{ isHTTPS(_site) ? '443 ssl' : '80' }}{{ isHTTP2(_site) ? ' http2' : '' }}; listen [{{ data.sites[_site].ipv6 }}]:{{ isHTTPS(_site) ? '443 ssl' : '80' }}{{ isHTTP2(_site) ? ' http2' : '' }}; server_name cdn.{{ _domain }}; root /var/www/{{ _domain }}{{ data.sites[_site].document_root }}; access_log off; # SSL ssl_certificate {{ getSslCertificate(_site) }}; ssl_certificate_key {{ getSslCertificateKey(_site) }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ _domain }}/chain.pem; # disable access_log access_log off; # gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types {{ gzipTypes }}; # allow safe files location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ { add_header Access-Control-Allow-Origin "*"; add_header Cache-Control "public"; expires 30d; } # deny everything else location / { deny all; } } # {{ isWWW() ? 'non-www, ' : '' }}subdomains redirect server { listen {{ data.sites[_site].ipv4 !== '*' ? data.sites[_site].ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.sites[_site].ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? ('.' + _domain) : ('*.' + _domain) }}; # SSL ssl_certificate {{ getSslCertificate(_site) }}; ssl_certificate_key {{ getSslCertificateKey(_site) }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ _domain }}/chain.pem; return 301 http{{ isHTTPS() ? 's' : '' }}://{{ isWWW() ? 'www.' : '' }}{{ _domain }}$request_uri; } # HTTP redirect server { listen {{ data.sites[_site].ipv4 !== '*' ? data.sites[_site].ipv4 + ':' : '' }}80; listen [{{ data.sites[_site].ipv6 }}]:80; server_name .{{ _domain }}; include nginxconfig.io/letsencrypt.conf;

location / { return 301 https://{{ isWWW(_site) ? 'www.' : '' }}{{ _domain }}$request_uri; } return 301 https://{{ isWWW(_site) ? 'www.' : '' }}{{ _domain }}$request_uri; }