server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80; listen [{{ data.ipv6 }}]:80; listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}443 ssl{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:443 ssl{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? 'www.' : '' }}{{ domain() }}; set $base {{ data.path ? data.path : '/var/www/' + domain() }}; root $base{{ data.document_root }}; root /var/www/{{ domain() }}{{ data.document_root }}; index {{ data.index ? data.index : 'index.html' + (isPHP() ? ' index.php' : '') }}; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; # index index {{ isIndexHtml() ? 'index.html ' : '' }}index.php; # $uri{{ isIndexHtml() ? ', index.html' : '' }}{{ isIndexPhp() ? ', index.php' : '' }} location / { try_files $uri $uri/ {{ isIndexHtml() ? '/index.html' : '' }}{{ isIndexHtml() && isIndexPhp() ? ' ' : '' }}{{ isIndexPhp() ? '/index.php?$query_string' : '' }}; } include _general.conf; include _wordpress.conf; include _php.conf;

} # CDN server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; server_name cdn.{{ domain() }}; root /var/www/{{ domain() }}{{ data.document_root }}; access_log off; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; # disable access_log access_log off; # gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types {{ gzipTypes }}; # allow safe files location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ { add_header Access-Control-Allow-Origin "*"; add_header Cache-Control "public"; expires 30d; } # deny everything else location / { deny all; } } # {{ isWWW() ? 'non-www, ' : '' }}subdomains redirect server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? ('.' + domain()) : ('*.' + domain()) }}; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; } # HTTP redirect server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80; listen [{{ data.ipv6 }}]:80; server_name .{{ domain() }}; include _letsencrypt.conf;

location / { return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; } return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; }