Custom templates Plesk Nginx + PHP-FPM (SSL Force redirection, no proxy through Apache)

domain_nginxDomainSslForceRedirection.php

<?php
/**
 * @see /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainSslForceRedirection.php
 * @var Template_VariableAccessor $VAR
 * @var array $OPT
 */
?>
server {
    listen <?php echo $OPT['ipAddress']->escapedAddress . ':' . $OPT['frontendPort']; ?>;

    server_name <?php echo $VAR->domain->asciiName ?>;
<?php if ($VAR->domain->isWildcard): ?>
    server_name ~^<?php echo $VAR->domain->pcreName ?>$;
<?php else: ?>
    server_name www.<?php echo $VAR->domain->asciiName ?>;
<?php   if ($OPT['ipAddress']->isIpV6()): ?>
    server_name ipv6.<?php echo $VAR->domain->asciiName ?>;
<?php   else: ?>
    server_name ipv4.<?php echo $VAR->domain->asciiName ?>;
<?php   endif ?>
<?php endif ?>

    location / {
        return 301 https://<?php echo $VAR->domain->asciiName ;?>$request_uri;
     }
}

domain_nginxDomainVirtualHost.php

<?php
/**
 * @see /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
 * @var Template_VariableAccessor $VAR
 * @var array $OPT
 */
?>
server {
    listen <?php echo $OPT['ipAddress']->escapedAddress . ':' . $OPT['frontendPort'] .
        ($OPT['default'] ? ' default_server' : '') . ($OPT['ssl'] ? ' ssl' : '') .
        ($OPT['ssl'] && $VAR->domain->physicalHosting->proxySettings['nginxHttp2'] ? ' http2' : '') ?>;

    server_name <?php echo $VAR->domain->asciiName ?>;
<?php if ($VAR->domain->isWildcard): ?>
    server_name ~^<?php echo $VAR->domain->pcreName ?>$;
<?php else: ?>
    server_name www.<?php echo $VAR->domain->asciiName ?>;
<?php   if ($OPT['ipAddress']->isIpV6()): ?>
    server_name ipv6.<?php echo $VAR->domain->asciiName ?>;
<?php   else: ?>
    server_name ipv4.<?php echo $VAR->domain->asciiName ?>;
<?php   endif ?>
<?php endif ?>
<?php // ignoring webAliases at this moment * 06 Ene 2017 : jfranco *  ?>
<?php // ignoring previewDomainName at this moment * 06 Ene 2017 : jfranco *  ?>

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $VAR->server->sni && $VAR->domain->physicalHosting->sslCertificate ?
    $VAR->domain->physicalHosting->sslCertificate :
    $OPT['ipAddress']->sslCertificate; ?>
<?php   if ($sslCertificate->ce): ?>
    ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
    ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
<?php       if ($sslCertificate->ca): ?>
    ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>
<?php   endif ?>
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
<?php endif ?>

<?php if (!empty($VAR->domain->physicalHosting->proxySettings['nginxClientMaxBodySize'])): ?>
    client_max_body_size <?php echo $VAR->domain->physicalHosting->proxySettings['nginxClientMaxBodySize'] ?>;
<?php endif; ?>

<?php if ($VAR->domain->physicalHosting->scriptTimeout): ?>
    proxy_read_timeout <?php echo min($VAR->domain->physicalHosting->scriptTimeout, 2147483); ?>;
<?php endif; ?>

    root "<?php echo $OPT['ssl'] ? $VAR->domain->physicalHosting->httpsDir : $VAR->domain->physicalHosting->httpDir ?>";
    access_log "<?php echo $VAR->domain->physicalHosting->logsDir . '/' . ($OPT['ssl'] ? 'proxy_access_ssl_log' : 'proxy_access_log') ?>";
    error_log "<?php echo $VAR->domain->physicalHosting->logsDir . '/proxy_error_log' ?>";

<?php if ($OPT['default']): ?>
<?php echo $VAR->includeTemplate('service/nginxSitePreview.php') ?>
<?php endif ?>

<?php echo $VAR->includeTemplate('domain/service/nginxSeoSafeRedirects.php', array('ssl' => $OPT['ssl'])); ?>
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_comp_level 6;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain application/x-javascript text/xml text/css;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";

    location = / { index index.php; }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php(/.*)?$ {
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass <?php echo $VAR->domain->asciiName; ?>;
        include /etc/nginx/fastcgi.conf;
        fastcgi_cache_bypass $no_cache;
        fastcgi_no_cache $no_cache;

        fastcgi_cache WORDPRESS;
        fastcgi_cache_valid 200 3m;
    }
<?php echo $VAR->includeTemplate('domain/service/fastcgi_cache_check.php'); ?>

<?php // ignoring TransparentMode && ServeStatic at this moment * 06 Ene 2017 : jfranco *  ?>


<?php if (is_file($VAR->domain->physicalHosting->customNginxConfigFile)): ?>
    include "<?php echo $VAR->domain->physicalHosting->customNginxConfigFile ?>";
<?php endif; ?>
}

domain_service_fastcgi_cache_check.php

<?php
/**
 * @see /usr/local/psa/admin/conf/templates/custom/domain/service/fastcgi_cache_check.php
 */
?>
#fastcgi_cache start
set $no_cache 0;

# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
        set $no_cache 1;
}
if ($query_string != "") {
        set $no_cache 1;
}

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
        set $no_cache 1;
}

# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $no_cache 1;
}

fastcgi_cache.conf

# /etc/nginx/conf.d/fastcgi_cache.conf

fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:4096m inactive=120m;
fastcgi_cache_key "$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header updating http_500;

nginxDomainVhost.php

<?php echo AUTOGENERATED_CONFIGS; ?>
<?php
/**
 * @see /usr/local/psa/admin/conf/templates/custom/nginxDomainVhost.php
 * @var Template_VariableAccessor $VAR
 */
?>
<?php if ($VAR->domain->disabled): ?>
# Domain is disabled
<?php return ?>
<?php endif ?>

upstream <?php echo $VAR->domain->asciiName; ?> {
    server <?php echo $VAR->domain->physicalHosting->fpmSocket; ?>;
}
add_header X-Cache $upstream_cache_status;

<?php if ($VAR->domain->physicalHosting->ssl): ?>
<?php foreach ($VAR->domain->physicalHosting->ipAddresses as $ipAddress): ?>
<?php if ($ipAddress->defaultDomainId != $VAR->domain->id): ?>

<?php echo $VAR->includeTemplate('domain/nginxDomainVirtualHost.php',
    array(
        'ssl' => true,
        'frontendPort' => $VAR->server->nginx->httpsPort,
        'backendPort' => $VAR->server->webserver->httpsPort,
        'documentRoot' => $VAR->domain->physicalHosting->httpsDir,
        'ipAddress' => $ipAddress,
        'default' => false,
    )) ?>

<?php echo $VAR->includeTemplate('domain/nginxDomainSslForceRedirection.php',
    array(
        'frontendPort' => $VAR->server->nginx->httpPort,
        'ipAddress' => $ipAddress,
    )); ?>
<?php endif ?>
<?php endforeach ?>
<?php return ?>
<?php endif ?>

<?php foreach ($VAR->domain->physicalHosting->ipAddresses as $ipAddress): ?>
<?php if ($ipAddress->defaultDomainId != $VAR->domain->id): ?>

<?php echo $VAR->includeTemplate('domain/nginxDomainVirtualHost.php',
    array(
        'ssl' => false,
        'frontendPort' => $VAR->server->nginx->httpPort,
        'backendPort' => $VAR->server->webserver->httpPort,
        'documentRoot' => $VAR->domain->physicalHosting->httpDir,
        'ipAddress' => $ipAddress,
        'default' => false,
    )) ?>

<?php endif ?>
<?php endforeach ?>

openfilecache.conf

# /etc/nginx/conf.d/openfilecache.conf

open_file_cache          max=1000;
open_file_cache_valid    60s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;