ivi-admin/Kirby CMS nginx config for Laravel Forge

## Kirby CMS nginx config for Laravel Forge
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.domain.com/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.domain.com;
    root /home/forge/www.domain.com/;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/www.domain.com/160392/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.domain.com/160392/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/www.domain.com/server/*;

    ##############################
    ## Kirby configuration
    ##############################

    location /content {
      rewrite ^/content/(.*)\.(txt|md|mdown)$ /error redirect;
    }

    location /site {
      rewrite ^/site/(.*) /error redirect;
    }

    location /kirby {
      rewrite ^/kirby/(.*) /error redirect;
    }

    location ~* \.(ico|css|js|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ {
        expires 1M;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    ##############################
    ## End Kirby CMS configuration
    ##############################

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # panel links
    location /panel {
        try_files $uri $uri/ /panel/index.php?$uri&$args;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/www.domain.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        if (!-e $request_filename){
          rewrite ^/panel/(.*) /panel/index.php break;
        }

        if (!-e $request_filename) {
          rewrite ^/(.*)$ /index.php last;
          break;
        }
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.domain.com/after/*;
	# FORGE CONFIG (DOT NOT REMOVE!)
	include forge-conf/www.domain.com/before/*;

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name www.domain.com;
	root /home/forge/www.domain.com/;

	# FORGE SSL (DO NOT REMOVE!)
	ssl_certificate /etc/nginx/ssl/www.domain.com/160392/server.crt;
	ssl_certificate_key /etc/nginx/ssl/www.domain.com/160392/server.key;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/nginx/dhparams.pem;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	# FORGE CONFIG (DOT NOT REMOVE!)
	include forge-conf/www.domain.com/server/*;

	##############################
	## Kirby configuration
	##############################

	location /content {
	rewrite ^/content/(.*)\.(txt\|md\|mdown)$ /error redirect;
	}

	location /site {
	rewrite ^/site/(.*) /error redirect;
	}

	location /kirby {
	rewrite ^/kirby/(.*) /error redirect;
	}

	location ~* \.(ico\|css\|js\|gif\|jpeg\|jpg\|png\|woff\|ttf\|otf\|svg\|woff2\|eot)$ {
	expires 1M;
	add_header Pragma public;
	add_header Cache-Control "public";
	}

	##############################
	## End Kirby CMS configuration
	##############################

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	# panel links
	location /panel {
	try_files $uri $uri/ /panel/index.php?$uri&$args;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	access_log off;
	error_log /var/log/nginx/www.domain.com-error.log error;

	error_page 404 /index.php;

	location ~ \.php$ {
	if (!-e $request_filename){
	rewrite ^/panel/(.*) /panel/index.php break;
	}

	if (!-e $request_filename) {
	rewrite ^/(.*)$ /index.php last;
	break;
	}
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}

	location ~ /\.ht {
	deny all;
	}
	}

	# FORGE CONFIG (DOT NOT REMOVE!)
	include forge-conf/www.domain.com/after/*;