github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 21:34:12 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1653 from crackerizer/master

Browse source 
Fixed error on updating Letsencrypt cert with NGINX's Drupal template
This commit is contained in:
Anton Reutov 2018-07-28 18:56:23 +02:00 committed by GitHub
commit fbe93aa95b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
114 changed files with 2812 additions and 3591 deletions
Download patch file Download diff file Expand all files Collapse all files

50
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

59
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -31,51 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

54
install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,51 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$)|^/update.php {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

50
install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -31,48 +31,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files. }
location ~ (^|/)\. {
return 403;
}
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

49
install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,48 +27,42 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location @rewrite {
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;

58
install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -31,50 +31,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri @rewrite;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location / {
# You have 2 options here try_files $uri /index.php?$query_string;
# For D7 and above: }
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php; location ~ /vendor/.*\.php$ {
deny all;
return 404;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

53
install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -18,7 +18,6 @@ server {
access_log off; access_log off;
} }
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ { location ~* \.(txt|log)$ {
allow 192.168.0.0/16; allow 192.168.0.0/16;
deny all; deny all;
@ -28,50 +27,44 @@ server {
return 403; return 403;
} }
# No no for private
location ~ ^/sites/.*/private/ { location ~ ^/sites/.*/private/ {
return 403; return 403;
} }
# Block access to "hidden" files and directories whose names begin with a location ~ ^/sites/[^/]+/files/.*\.php$ {
# period. This includes directories used by version control systems such deny all;
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
} }
location / { location / {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_intercept_errors on;
include /etc/nginx/fastcgi_params;
}
} }
location @rewrite { location ~ /vendor/.*\.php$ {
# You have 2 options here deny all;
# For D7 and above: return 404;
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
} }
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html; error_page 500 502 503 504 /error/50x.html;

Some files were not shown because too many files have changed in this diff Show more