hiddenl00p/nginx.conf

## nginx.conf
# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

server {
        server_name  _;
        rewrite ^ $scheme://sitename.com$request_uri redirect;
}

server {
    listen 80;
    server_name sitename.com;
    root /home/forge/sitename.com;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.php;

    charset utf-8;

    access_log off;
    error_log  /var/log/nginx/sitename.com-error.log error;

    ### Global restrictions ###

   location = /favicon.ico {
    	log_not_found off;
    	access_log off;
    }

    location = /robots.txt {
    	allow all;
    	log_not_found off;
    	access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~ /\. {
    	deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php$ {
    	deny all;
    }

    ### WordPress Rules ###

    # This order might seem weird - this is attempted to match last if rules below fail.
    # http://wiki.nginx.org/HttpCoreModule
    location / {
    	try_files $uri $uri/ /index.php?$args;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
           access_log off; log_not_found off; expires max;
    }

    # Uncomment one of the lines below for the appropriate caching plugin (if used).
    #include global/wordpress-wp-super-cache.conf;
    #include global/wordpress-w3-total-cache.conf;

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
    	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    	if (!-f $document_root$fastcgi_script_name) {
    		return 404;
    	}
    	# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

    	include fastcgi.conf;
    	fastcgi_index index.php;
        fastcgi_intercept_errors off;
    	fastcgi_pass php;
    }

}
	# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

	server {
	server_name _;
	rewrite ^ $scheme://sitename.com$request_uri redirect;
	}

	server {
	listen 80;
	server_name sitename.com;
	root /home/forge/sitename.com;

	# FORGE SSL (DO NOT REMOVE!)
	# ssl_certificate;
	# ssl_certificate_key;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	index index.php;

	charset utf-8;

	access_log off;
	error_log /var/log/nginx/sitename.com-error.log error;

	### Global restrictions ###

	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\. {
	deny all;
	}

	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}

	### WordPress Rules ###

	# This order might seem weird - this is attempted to match last if rules below fail.
	# http://wiki.nginx.org/HttpCoreModule
	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	# Add trailing slash to */wp-admin requests.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;

	# Directives to send expires headers and turn off 404 error logging.
	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off; log_not_found off; expires max;
	}

	# Uncomment one of the lines below for the appropriate caching plugin (if used).
	#include global/wordpress-wp-super-cache.conf;
	#include global/wordpress-w3-total-cache.conf;

	# Pass all .php files onto a php-fpm/php-fcgi server.
	location ~ [^/]\.php(/\|$) {
	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	if (!-f $document_root$fastcgi_script_name) {
	return 404;
	}
	# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

	include fastcgi.conf;
	fastcgi_index index.php;
	fastcgi_intercept_errors off;
	fastcgi_pass php;
	}

	}