robertsky/conf.d-site

## conf.d-site
# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

server {
        server_name  _;
        rewrite ^ $scheme://example.com$request_uri redirect;
}

server {
	listen 80;
	server_name example.com www.example.com;
	rewrite ^ https://example.com$request_uri permanent;
}

server {
	listen       443 ssl http2;
#	listen 80;
	server_name  example.com;

	root /usr/share/nginx/html;

	index index.php;

	include global/restrictions.conf;

	# Additional rules go here.
#	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
#	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
#	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#        ssl_prefer_server_ciphers on;
#        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#
#        location ^~ /.well-known/ {
#                allow all;
#        }

	location = /wp-login.php {
		return 301 /core/wp-login.php;
	}

	#Yoast sitemap
	location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
        	## this redirects sitemap.xml to /sitemap_index.xml
		rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
	        ## this makes the XML sitemaps work
	        rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
		rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
		rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
	        ## The following lines are optional for the premium extensions
		## News SEO
	        rewrite ^/news-sitemap\.xml$ /index.php?sitemap=wpseo_news last;
		## Local SEO
		rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
		rewrite ^/geo-sitemap\.xml$ /index.php?sitemap=wpseo_local last;
		## Video SEO
		rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
	}

	proxy_max_temp_file_size 0;

	# Only include one of the files below.
	include global/wordpress.conf;
#	include global/wordpress-ms-subdir.conf;
#	include global/wordpress-ms-subdomain.conf;
}

## global-restrictions.conf
# Global restrictions configuration file.
# Designed to be included in any server {} block.</p>
location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
        deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
}

## global-wordpress.conf
# WordPress single site rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
	try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}

# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;

# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ [^/]\.php(/|$) {
	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	if (!-f $document_root$fastcgi_script_name) {
		return 404;
	}
	# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

	include fastcgi_params;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
}
	# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil

	server {
	server_name _;
	rewrite ^ $scheme://example.com$request_uri redirect;
	}

	server {
	listen 80;
	server_name example.com www.example.com;
	rewrite ^ https://example.com$request_uri permanent;
	}

	server {
	listen 443 ssl http2;
	# listen 80;
	server_name example.com;

	root /usr/share/nginx/html;

	index index.php;

	include global/restrictions.conf;

	# Additional rules go here.
	# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	# ssl_prefer_server_ciphers on;
	# ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
	#
	# location ^~ /.well-known/ {
	# allow all;
	# }

	location = /wp-login.php {
	return 301 /core/wp-login.php;
	}

	#Yoast sitemap
	location ~ ([^/])sitemap(.)\.x(m\|s)l$ {
	## this redirects sitemap.xml to /sitemap_index.xml
	rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
	## this makes the XML sitemaps work
	rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
	rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
	rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
	## The following lines are optional for the premium extensions
	## News SEO
	rewrite ^/news-sitemap\.xml$ /index.php?sitemap=wpseo_news last;
	## Local SEO
	rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
	rewrite ^/geo-sitemap\.xml$ /index.php?sitemap=wpseo_local last;
	## Video SEO
	rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
	}

	proxy_max_temp_file_size 0;

	# Only include one of the files below.
	include global/wordpress.conf;
	# include global/wordpress-ms-subdir.conf;
	# include global/wordpress-ms-subdomain.conf;
	}
	# Global restrictions configuration file.
	# Designed to be included in any server {} block.</p>
	location = /favicon.ico {
	log_not_found off;
	access_log off;
	}

	location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
	}

	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~ /\. {
	deny all;
	}

	# Deny access to any files with a .php extension in the uploads directory
	# Works in sub-directory installs and also in multisite network
	# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
	location ~* /(?:uploads\|files)/.*\.php$ {
	deny all;
	}
	# WordPress single site rules.
	# Designed to be included in any server {} block.

	# This order might seem weird - this is attempted to match last if rules below fail.
	# http://wiki.nginx.org/HttpCoreModule
	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	# Add trailing slash to */wp-admin requests.
	rewrite /wp-admin$ $scheme://$host$uri/ permanent;

	# Directives to send expires headers and turn off 404 error logging.
	location ~* ^.+\.(ogg\|ogv\|svg\|svgz\|eot\|otf\|woff\|mp4\|ttf\|rss\|atom\|jpg\|jpeg\|gif\|png\|ico\|zip\|tgz\|gz\|rar\|bz2\|doc\|xls\|exe\|ppt\|tar\|mid\|midi\|wav\|bmp\|rtf)$ {
	access_log off; log_not_found off; expires max;
	}

	# Uncomment one of the lines below for the appropriate caching plugin (if used).
	#include global/wordpress-wp-super-cache.conf;
	#include global/wordpress-w3-total-cache.conf;

	# Pass all .php files onto a php-fpm/php-fcgi server.
	location ~ [^/]\.php(/\|$) {
	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
	if (!-f $document_root$fastcgi_script_name) {
	return 404;
	}
	# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

	include fastcgi_params;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_intercept_errors on;
	fastcgi_pass php;
	}