sapid/blestav3.conf

## blestav3.conf
server {
    listen   80;
    listen   [::]:80 ipv6only=on; # This last flag can fix some issues nginx can have with binding to ports.

    server_name www.example.com;

    return 301 https://$server_name$request_uri; #Force SSL
}

server {
        listen 443; #SSL Only
        server_name my.example.com;
        root /var/www;
        index index.php index.html index.htm;
        # Turn on SSL
        ssl on;
	ssl_certificate /etc/nginx/ssl/server.crt;
	ssl_certificate_key /etc/nginx/ssl/server.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 3m;
	# Protect against BEAST attacks
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers !aNULL:!eNULL:FIPS@STRENGTH;
	ssl_prefer_server_ciphers on;
	client_body_buffer_size 32m;

        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        # Set to directory of error files
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/www;
        }

# pass the PHP scripts to PHP FPM
location /index.php/ {
  #error_page     404 = /index.php; #IF file doesn't exist
  log_not_found  off;
  rewrite ^/index.php/(.*)$ /index.php last;
  # For access to install file
  if ($request_uri ~ "^(.*)/install.php$"){
      rewrite install.php /%1/install/ redirect;
    }
  }

location ~ /index\.php$ {
    try_files $uri =404;
    # Tweak for Nginx to work with PHP from vendors
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    fastcgi_param SERVER_NAME prgmr.com; # CHANGE TO FQDN FOR THIS SERVER
    fastcgi_param SERVER_ADDR 127.0.0.1; # CHANGE TO EXTERNAL IP FOR THIS SERVER
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    # Buffer settings increase to compensate for increased time/size due to SSL
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k; #
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    # With php5-cgi alone:
    fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm (recommended)
    #fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}

location /index.php/admin/ {
   allow 127.0.0.1;
   deny all;
   if ($remote_addr = 127.0.0.1 ) { # Only rewrite if locally connected.
     rewrite ^/index.php/admin(.*)$ /index.php last;}
}

# Disallow access to any file with .pdt extension
location ~ (\.pdt) {
    return 404;
}

}

## fastcgi_params
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  REDIRECT_STATUS    200;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        127.0.0.1 # CHANGE THIS TO EXTERNAL IP #$server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
	server {
	listen 80;
	listen [::]:80 ipv6only=on; # This last flag can fix some issues nginx can have with binding to ports.

	server_name www.example.com;

	return 301 https://$server_name$request_uri; #Force SSL
	}

	server {
	listen 443; #SSL Only
	server_name my.example.com;
	root /var/www;
	index index.php index.html index.htm;
	# Turn on SSL
	ssl on;
	ssl_certificate /etc/nginx/ssl/server.crt;
	ssl_certificate_key /etc/nginx/ssl/server.key;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 3m;
	# Protect against BEAST attacks
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers !aNULL:!eNULL:FIPS@STRENGTH;
	ssl_prefer_server_ciphers on;
	client_body_buffer_size 32m;

	#error_page 404 /404.html;
	# redirect server error pages to the static page /50x.html
	# Set to directory of error files
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/www;
	}

	# pass the PHP scripts to PHP FPM
	location /index.php/ {
	#error_page 404 = /index.php; #IF file doesn't exist
	log_not_found off;
	rewrite ^/index.php/(.*)$ /index.php last;
	# For access to install file
	if ($request_uri ~ "^(.*)/install.php$"){
	rewrite install.php /%1/install/ redirect;
	}
	}

	location ~ /index\.php$ {
	try_files $uri =404;
	# Tweak for Nginx to work with PHP from vendors
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	fastcgi_param SERVER_NAME prgmr.com; # CHANGE TO FQDN FOR THIS SERVER
	fastcgi_param SERVER_ADDR 127.0.0.1; # CHANGE TO EXTERNAL IP FOR THIS SERVER
	fastcgi_connect_timeout 60;
	fastcgi_send_timeout 180;
	fastcgi_read_timeout 180;
	# Buffer settings increase to compensate for increased time/size due to SSL
	fastcgi_buffer_size 128k;
	fastcgi_buffers 4 256k; #
	fastcgi_busy_buffers_size 256k;
	fastcgi_temp_file_write_size 256k;
	fastcgi_intercept_errors on;
	# With php5-cgi alone:
	fastcgi_pass 127.0.0.1:9000;
	# With php5-fpm (recommended)
	#fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}

	location /index.php/admin/ {
	allow 127.0.0.1;
	deny all;
	if ($remote_addr = 127.0.0.1 ) { # Only rewrite if locally connected.
	rewrite ^/index.php/admin(.*)$ /index.php last;}
	}

	# Disallow access to any file with .pdt extension
	location ~ (\.pdt) {
	return 404;
	}

	}
	fastcgi_param QUERY_STRING $query_string;
	fastcgi_param REQUEST_METHOD $request_method;
	fastcgi_param CONTENT_TYPE $content_type;
	fastcgi_param CONTENT_LENGTH $content_length;

	fastcgi_param SCRIPT_NAME $fastcgi_script_name;
	fastcgi_param REQUEST_URI $request_uri;
	fastcgi_param DOCUMENT_URI $document_uri;
	fastcgi_param DOCUMENT_ROOT $document_root;
	fastcgi_param SERVER_PROTOCOL $server_protocol;
	fastcgi_param HTTPS $https if_not_empty;
	fastcgi_param REDIRECT_STATUS 200;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

	fastcgi_param GATEWAY_INTERFACE CGI/1.1;
	fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

	fastcgi_param REMOTE_ADDR $remote_addr;
	fastcgi_param REMOTE_PORT $remote_port;
	fastcgi_param SERVER_ADDR 127.0.0.1 # CHANGE THIS TO EXTERNAL IP #$server_addr;
	fastcgi_param SERVER_PORT $server_port;
	fastcgi_param SERVER_NAME $server_name;

	# PHP only, required if PHP was built with --enable-force-cgi-redirect
	fastcgi_param REDIRECT_STATUS 200;