jacurtis/Directus-Nginx.conf

## Directus-Nginx.conf
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/cms.jacurtis.com/before/*;

server {
    root /home/forge/cms.jacurtis.com/public;
    index  index.php index.html index.htm;
    server_name  cms.jacurtis.com;

    # FORGE SSL (DO NOT REMOVE!)
    # ssl_certificate;
    # ssl_certificate_key;

    client_max_body_size 100M;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass    unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # disable_symlinks if_not_owner;
    location ^~ /.well-known/ {
        allow all;
        default_type "text/plain";
    }

    location / {
        try_files $uri $uri/ /index.php$args;
    }

    # location /admin {
    #     rewrite ^/admin/(.*) /admin/index.html last;
    # }

    location /thumbnail {
        rewrite /thumbnail/(.*) /thumbnail/index.php last;
    }

    # Deny direct access to php files in extensions
    location /extensions/.+\.php$ {
        deny all;
    }

    # All uploads files (originals) cached for a year
    location ~* /uploads/([^/]+)/originals/(.*) {
        add_header Cache-Control "max-age=31536000";
    }

    # Serve php, html and cgi files as text file
    location ~* /uploads/.*\.(php|phps|php5|htm|shtml|xhtml|cgi.+)?$ {
        add_header Content-Type text/plain;
    }

    # Deny access to any file starting with .ht,
    # including .htaccess and .htpasswd
    location ~ /\.ht {
        deny all;
    }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cms.jacurtis.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cms.jacurtis.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/cms.jacurtis.com/after/*;


server {
    if ($host = cms.jacurtis.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name  cms.jacurtis.com;
    return 404; # managed by Certbot


}
	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/cms.jacurtis.com/before/*;

	server {
	root /home/forge/cms.jacurtis.com/public;
	index index.php index.html index.htm;
	server_name cms.jacurtis.com;

	# FORGE SSL (DO NOT REMOVE!)
	# ssl_certificate;
	# ssl_certificate_key;

	client_max_body_size 100M;

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

	# disable_symlinks if_not_owner;
	location ^~ /.well-known/ {
	allow all;
	default_type "text/plain";
	}

	location / {
	try_files $uri $uri/ /index.php$args;
	}

	# location /admin {
	# rewrite ^/admin/(.*) /admin/index.html last;
	# }

	location /thumbnail {
	rewrite /thumbnail/(.*) /thumbnail/index.php last;
	}

	# Deny direct access to php files in extensions
	location /extensions/.+\.php$ {
	deny all;
	}

	# All uploads files (originals) cached for a year
	location ~* /uploads/([^/]+)/originals/(.*) {
	add_header Cache-Control "max-age=31536000";
	}

	# Serve php, html and cgi files as text file
	location ~* /uploads/.*\.(php\|phps\|php5\|htm\|shtml\|xhtml\|cgi.+)?$ {
	add_header Content-Type text/plain;
	}

	# Deny access to any file starting with .ht,
	# including .htaccess and .htpasswd
	location ~ /\.ht {
	deny all;
	}


	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/cms.jacurtis.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/cms.jacurtis.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	}

	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/cms.jacurtis.com/after/*;


	server {
	if ($host = cms.jacurtis.com) {
	return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	listen [::]:80;
	server_name cms.jacurtis.com;
	return 404; # managed by Certbot


	}