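# -------------------------
# www -> apex redirect
# -------------------------
# Answers every request for www.golfpharmacy.org (port 80 or 443) with a 301
# to the canonical https://golfpharmacy.org URL. The target host is a literal,
# so the redirect never depends on the client-supplied Host header.
server {
    listen 80;
    listen [::]:80;
    listen 443 quic;
    listen 443 ssl;
    listen [::]:443 quic;
    listen [::]:443 ssl;
    http2 on;
    http3 off;

    ssl_certificate_key /etc/nginx/ssl-certificates/golfpharmacy.org.key;
    ssl_certificate     /etc/nginx/ssl-certificates/golfpharmacy.org.crt;

    server_name www.golfpharmacy.org;

    return 301 https://golfpharmacy.org$request_uri;
}

# -------------------------
# MAIN public server (HTTPS)
# -------------------------
# TLS-terminating front end. Plain-HTTP requests are redirected to HTTPS and
# everything else is proxied to the backend vhost on 127.0.0.1:8080.
server {
    listen 80;
    listen [::]:80;
    listen 443 quic;
    listen 443 ssl;
    listen [::]:443 quic;
    listen [::]:443 ssl;
    http2 on;
    http3 off;

    ssl_certificate_key /etc/nginx/ssl-certificates/golfpharmacy.org.key;
    ssl_certificate     /etc/nginx/ssl-certificates/golfpharmacy.org.crt;

    # www.golfpharmacy.org is owned by the redirect server above. Listing it
    # here as well only produced a "conflicting server name" warning, and the
    # duplicate was ignored.
    server_name golfpharmacy.org;

    root /home/golfpharmacy/htdocs/golfpharmacy.org;

    access_log /home/golfpharmacy/logs/nginx/access.log main;
    error_log  /home/golfpharmacy/logs/nginx/error.log;

    # Upgrade plain HTTP. "return" with a literal host keeps the Location
    # header independent of the request's Host header, and avoids "rewrite"
    # re-appending the query string that $request_uri already carries.
    if ($scheme != "https") {
        return 301 https://golfpharmacy.org$request_uri;
    }

    # Never serve repository metadata or the XML-RPC endpoint.
    location ~ /\.git {
        deny all;
    }

    location = /xmlrpc.php {
        deny all;
    }

    # Proxy everything else to the backend.
    location / {
        proxy_pass http://127.0.0.1:8080;

        proxy_set_header Host             $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP        $remote_addr;
        # Send exactly one X-Forwarded-For, built from the TCP peer address.
        # The previous config set the header twice; the second value
        # ($proxy_add_x_forwarded_for) forwards whatever the client put in its
        # own X-Forwarded-For, so the backend could not trust it.
        # If a trusted CDN or load balancer sits in front of this server,
        # restore the client address with the realip module
        # (set_real_ip_from / real_ip_header) instead.
        proxy_set_header X-Forwarded-For  $remote_addr;

        proxy_hide_header X-Varnish;
        proxy_redirect off;

        # Units are seconds. 720 s holds an upstream connection open for a
        # long time; lower these if the backend does not need it.
        proxy_connect_timeout 720;
        proxy_send_timeout    720;
        proxy_read_timeout    720;

        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
        proxy_temp_file_write_size 256k;
        proxy_max_temp_file_size   0;
    }

    # Static/cacheable assets, served straight from the document root.
    location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
        # WordPress Multisite Subdirectory
        rewrite ^/[_0-9a-zA-Z-]+/(wp-.*) $1 break;
        rewrite ^/[_0-9a-zA-Z-]+/(.*\.php)$ $1 break;

        # add_header directives at this level replace any inherited from the
        # server/http level, so security headers defined there are NOT sent
        # for these responses unless they are repeated here.
        add_header Access-Control-Allow-Origin "*";

        # The value had been split into a stray "ma=86400;" token, which is
        # not a valid directive; it is rejoined into one header value here.
        # NOTE(review): both public servers set "http3 off", so this header
        # advertises a protocol that does not appear to be served. Enable
        # http3 or drop the header.
        add_header alt-svc 'h3=":443"; ma=86400';

        expires max;
        access_log off;

        if (-f $request_filename) {
            break;
        }
    }

    # WP Admin / Login
    # NOTE(review): the optional HTTP basic-auth layer is commented out, so
    # the WordPress login is the only gate on these paths.
    location ~ /(wp-admin|wp-login\.php) {
        #auth_basic "Restricted Area";
        #auth_basic_user_file /home/site-user/.htpasswd;

        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host             $host;

        proxy_pass http://127.0.0.1:8080;

        proxy_connect_timeout 7200;
        proxy_send_timeout    7200;
        proxy_read_timeout    7200;
    }
}

# -------------------------
# Backend app server (:8080)
# -------------------------
# Plain-HTTP vhost that runs WordPress through PHP-FPM. The public server
# above reaches it on 127.0.0.1:8080.
#
# NOTE(review): "listen 8080" binds every interface, and this vhost tells PHP
# that every request is HTTPS on port 443. Unless a host firewall blocks 8080,
# it can be reached directly, bypassing TLS and the front-end rules. Restrict
# the port at the firewall, or bind to loopback once you have confirmed that
# no other vhost depends on the shared wildcard :8080 listener.
server {
    listen 8080;
    listen [::]:8080;

    server_name golfpharmacy.org www1.golfpharmacy.org;

    root /home/golfpharmacy/htdocs/golfpharmacy.org;

    include /etc/nginx/global_settings;

    try_files $uri $uri/ /index.php?$args;
    index index.php index.html;

    # Defence in depth: repeat the front-end deny rules so they still apply
    # when this port is reached without going through the public server.
    location ~ /\.git {
        deny all;
    }

    location = /xmlrpc.php {
        deny all;
    }

    # PHP handler
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Only hand PHP-FPM a script that exists on disk.
        try_files $uri =404;

        fastcgi_read_timeout 3600;
        fastcgi_send_timeout 3600;

        # TLS is terminated by the public server, so the scheme and port are
        # asserted here rather than derived from the connection.
        fastcgi_param HTTPS "on";
        fastcgi_param SERVER_PORT 443;

        fastcgi_pass 127.0.0.1:15009;

        # One ini setting per line: in ini syntax ";" starts a comment, so
        # collapsing these onto one line would drop every setting after the
        # first.
        # NOTE(review): the error_log path uses "Logs", while the nginx logs
        # above use "logs". Paths are case-sensitive; confirm the directory
        # exists, or PHP errors may not be recorded.
        fastcgi_param PHP_VALUE "
        error_log=/home/golfpharmacy/Logs/php/error.log;
        memory_limit=512M;
        max_execution_time=60;
        max_input_time=60;
        max_input_vars=10000;
        post_max_size=64M;
        upload_max_filesize=64M;
        date.timezone=UTC;
        display_errors=off;
        ";
    }

    # WordPress Multisite Subdirectory
    if (!-e $request_filename) {
        rewrite /wp-admin$ https://$host$uri permanent;
        rewrite ^/[_0-9a-zA-Z-]+/(wp-.*) $1 last;
        rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
    }

    if (-f $request_filename) {
        break;
    }
}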