server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80; listen [{{ data.ipv6 }}]:80; listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}443 ssl{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:443 ssl{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? 'www.' : '' }}{{ domain() }}; set $base {{ data.path ? data.path : '/var/www/' + domain() }}; root $base{{ data.document_root }}; root /var/www/{{ domain() }}{{ data.document_root }}; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; # logging access_log {{ accessLogDomainPath() }}; error_log {{ errorLogDomainPath() }}; # index.php index index.php; # {{ isFallbackHTML() ? 'index.html' : ( isFallbackPHP() ? 'index.php' : '' ) }} fallback location / { try_files $uri $uri/ {{ isFallbackHTML() ? '/index.html' : ( isFallbackPHP() ? '/index.php?$query_string' : '' ) }}; } # index.php fallback location ~ ^{{ data.fallback_php_path }} { try_files $uri $uri/ /index.php?$query_string; } # Python location / { include nginxconfig.io/python_uwsgi.conf;

} # reverse proxy location {{ data.proxy_path }} { proxy_pass {{ data.proxy_pass }}; include nginxconfig.io/proxy.conf;

} # handle .php location ~ \.php$ { try_files $uri =404; include nginxconfig.io/php_fastcgi.conf;

} include nginxconfig.io/general.conf; include nginxconfig.io/wordpress.conf; include nginxconfig.io/drupal.conf; include nginxconfig.io/magento.conf;

} # CDN server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; server_name cdn.{{ domain() }}; root /var/www/{{ domain() }}{{ data.document_root }}; access_log off; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; # disable access_log access_log off; # gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types {{ gzipTypes }}; # allow safe files location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ { add_header Access-Control-Allow-Origin "*"; add_header Cache-Control "public"; expires 30d; } # deny everything else location / { deny all; } } # {{ isWWW() ? 'non-www, ' : '' }}subdomains redirect server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }}; server_name {{ isWWW() ? ('.' + domain()) : ('*.' + domain()) }}; # SSL ssl_certificate {{ sslCertificate() }}; ssl_certificate_key {{ sslCertificateKey() }}; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem; return 301 http{{ isHTTPS() ? 's' : '' }}://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; } # HTTP redirect server { listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80; listen [{{ data.ipv6 }}]:80; server_name .{{ domain() }}; include nginxconfig.io/letsencrypt.conf;

location / { return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; } return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri; }