server { server_name bin.zavage.net; root /home/privatebin/bin.zavage.net/PrivateBin; # log_format custom '$remote_addr - $remote_user [$time_iso8601] ' # '"$request" $status $body_bytes_sent ' # '$http_referer" "$http_user_agent" $msec'; # access_log /var/log/nginx/privatebin-access.log access_fmt buffer=4k flush=5m; access_log /var/log/nginx/privatebin-access.log access_fmt; error_log /var/log/nginx/privatebin-error.log warn; index index.php; location = / { try_files $uri $uri/ /index.php$is_args$args; } location ~ (css|doc|img|js|i18n) { try_files $uri $uri/ /index.php$is_args$args; } location / { return 301 /$is_args$args; } # location ~ [^/]\.php(/|$) { location ~ \.php$ { # Correctly handle request like /test.php/foo/blah.php or /test.php/ fastcgi_split_path_info ^(.+?\.php)(/.*)$; try_files $uri $document_root/index.php?$fastcgi_script_name =404; # try_files $uri $document_root$fastcgi_script_name =404; # Mitigate https://httpoxy.org/ vulnerabilities fastcgi_param HTTP_PROXY ""; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param SCRIPT_FILENAME /home/privatebin/bin.zavage.net/PrivateBin/$fastcgi_script_name; include fastcgi_params; # Prevent exposing nginx version to $_SERVER fastcgi_param SERVER_SOFTWARE ""; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/bin.zavage.net/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/bin.zavage.net/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot gzip on; } server { if ($host = bin.zavage.net) { return 301 https://$host$request_uri; } # managed by Certbot server_name bin.zavage.net; listen 80; return 404; # managed by Certbot }