goregrish/mydomain.conf

## mydomain.conf
server {
    listen              80;
    server_name         www.mydomain.com mydomain.com;
    return              301 https://mydomain.com$request_uri;
}

server {
    listen              443 ssl;
    server_name         www.mydomain.com;
    # managed by Certbot stuff
    include snippets/ssl.conf;
    return              301 https://mydomain.com$request_uri;
}

# above redirects unsecure and www. to https://mydomain.com

server {
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    server_name mydomain.com;
    error_log /var/log/nginx/mydomain.log warn;
    access_log off;

    # managed by Certbot stuff
    include snippets/ssl.conf;

    root /srv/www/webroot;
    index index.php index.html;

    location / {
         try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ /(internal_data|library) {
        internal;
    }

    # handling of the request
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";

    fastcgi_pass 127.0.0.1:9001;
    fastcgi_index index.php;

    # include the fastcgi_param setting
    include fastcgi_params;

    # SCRIPT_FILENAME parameter is used for PHP FPM determining
    #  the script name. If it is not set in fastcgi_params file,
    # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
    # please comment off following line:
    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    }
}
	server {
	listen 80;
	server_name www.mydomain.com mydomain.com;
	return 301 https://mydomain.com$request_uri;
	}

	server {
	listen 443 ssl;
	server_name www.mydomain.com;
	# managed by Certbot stuff
	include snippets/ssl.conf;
	return 301 https://mydomain.com$request_uri;
	}

	# above redirects unsecure and www. to https://mydomain.com

	server {
	listen [::]:443 ssl; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	server_name mydomain.com;
	error_log /var/log/nginx/mydomain.log warn;
	access_log off;

	# managed by Certbot stuff
	include snippets/ssl.conf;

	root /srv/www/webroot;
	index index.php index.html;

	location / {
	try_files $uri $uri/ /index.php?$uri&$args;
	}

	location ~ /(internal_data\|library) {
	internal;
	}

	# handling of the request
	location ~ [^/]\.php(/\|$) {
	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	if (!-f $document_root$fastcgi_script_name) {
	return 404;
	}

	# Mitigate https://httpoxy.org/ vulnerabilities
	fastcgi_param HTTP_PROXY "";

	fastcgi_pass 127.0.0.1:9001;
	fastcgi_index index.php;

	# include the fastcgi_param setting
	include fastcgi_params;

	# SCRIPT_FILENAME parameter is used for PHP FPM determining
	# the script name. If it is not set in fastcgi_params file,
	# i.e. /etc/nginx/fastcgi_params or in the parent contexts,
	# please comment off following line:
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}
	}