server { listen 443 ssl; listen [::]:443 ssl; client_max_body_size 1024M; root /app/public; server_name _; index index.html index.php index.htm; ssl_certificate /certs/example.crt; ssl_certificate_key /certs/example.key; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers HIGH:!aNULL:!MD5; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?$args; } # Pass thru status and ping requests to PHP-FPM location = /fpm-status { access_log off; allow 127.0.0.1; allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; deny all; fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location = /fpm-ping { access_log off; allow 127.0.0.1; allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; deny all; fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # pass PHP scripts to PHP{{PHP}}-FPM server socket # location ~ \.php$ { try_files $uri $uri/ /index.php?$args; fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_read_timeout 300; include fastcgi_params; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } }