derekriemer/nginx_drupal.conf

## nginx_drupal.conf
    server {
        server_name .derekriemer.com;
        listen 443 ssl;
        root /home/derek/drupal;
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        # Very rarely should these ever be accessed outside of your lan
        location ~* \.(txt|log)$ {
                allow 127.0.0.1;
                deny all;
        }

        location ~ \..*/.*\.php$ {
                return 403;
        }

        # No no for private
        location ~ ^/sites/.*/private/ {
                return 403;
        }

        # Block access to "hidden" files and directories whose names begin with a
        # period. This includes directories used by version control systems such
        # as Subversion or Git to store control files.
        location ~ (^|/)\. {
                return 403;
        }
        location / {
                # This is cool because no php is touched for static content
                try_files $uri @rewrite;
        }

        location @rewrite {
                # For D7 and above:
                # Clean URLs are handled in drupal_environment_initialize().
                rewrite ^ /index.php;
        }

        location ~ \.php$ {
			include snippets/fastcgi-php.conf;
			fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~^/update.php {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                # With php7-fpm:
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

       # Fighting with ImageCache? This little gem is amazing.
        location ~ ^/sites/.*/files/imagecache/ {
                try_files $uri @rewrite;
        }
        # Catch image styles for D7 too.
        location ~ ^/sites/.*/files/styles/ {
                try_files $uri @rewrite;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}
	server {
	server_name .derekriemer.com;
	listen 443 ssl;
	root /home/derek/drupal;
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}
	# Very rarely should these ever be accessed outside of your lan
	location ~* \.(txt\|log)$ {
	allow 127.0.0.1;
	deny all;
	}

	location ~ \../.\.php$ {
	return 403;
	}

	# No no for private
	location ~ ^/sites/.*/private/ {
	return 403;
	}

	# Block access to "hidden" files and directories whose names begin with a
	# period. This includes directories used by version control systems such
	# as Subversion or Git to store control files.
	location ~ (^\|/)\. {
	return 403;
	}
	location / {
	# This is cool because no php is touched for static content
	try_files $uri @rewrite;
	}

	location @rewrite {
	# For D7 and above:
	# Clean URLs are handled in drupal_environment_initialize().
	rewrite ^ /index.php;
	}

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	}

	location ~^/update.php {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	# With php7-fpm:
	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

	# Fighting with ImageCache? This little gem is amazing.
	location ~ ^/sites/.*/files/imagecache/ {
	try_files $uri @rewrite;
	}
	# Catch image styles for D7 too.
	location ~ ^/sites/.*/files/styles/ {
	try_files $uri @rewrite;
	}

	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico)$ {
	expires max;
	log_not_found off;
	}
	}