server { # default_server from default vhost must exist somewhere! listen 80; listen [::]:80; listen 443; listen [::]:443; # Enable this if your want HSTS (recommended) add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header Content-Security-Policy upgrade-insecure-requests; add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; root /var/www/vhostdir; index index.php index.html index.htm; # vhost address server_name vhost.example.org; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; autoindex off; } # Userdir #ilocation ~ ^/~(.+?)(/.*)?$ { # alias /home/$1/public_html$2; # index index.html index.htm; # autoindex on; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /usr/share/nginx/html; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini # # # With php5-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php5-fpm: fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; #include fastcgi_params; include fastcgi.conf; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } }