Initial

install/deb/templates/web/nginx/php-fpm/magento.tpl

@@ -0,0 +1,193 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%/pub;
+	index       index.php;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	error_page 404 403 = /errors/404.php;
+	add_header "X-UA-Compatible" "IE=Edge";
+
+	# PHP entry point for setup application
+	location ~* ^/setup($|/) {
+		root %docroot%;
+
+		location ~ ^/setup/index.php {
+			fastcgi_index index.php;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include /etc/nginx/fastcgi_params;
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+		}
+
+		location ~ ^/setup/(?!pub/). {
+			deny all;
+		}
+
+		location ~ ^/setup/pub/ {
+			add_header X-Frame-Options "SAMEORIGIN";
+		}
+	}
+
+	# PHP entry point for update application
+	location ~* ^/update($|/) {
+		root %docroot%;
+
+		location ~ ^/update/index.php {
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+		}
+
+		# Deny everything but index.php
+		location ~ ^/update/(?!pub/). {
+			deny all;
+		}
+
+		location ~ ^/update/pub/ {
+			add_header X-Frame-Options "SAMEORIGIN";
+		}
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+	}
+
+	location /pub/ {
+		location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
+			deny all;
+		}
+
+		alias %docroot%/pub/;
+		add_header X-Frame-Options "SAMEORIGIN";
+	}
+
+	location /static/ {
+		# Uncomment the following line in production mode
+		# expires max;
+
+		# Remove signature of the static files that is used to overcome the browser cache
+		location ~ ^/static/version {
+			rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
+		}
+
+		location ~* \.(ico|jpg|jpeg|png|webp|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+			add_header Cache-Control "public";
+			add_header X-Frame-Options "SAMEORIGIN";
+			expires +1y;
+
+			if (!-f $request_filename) {
+				rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+			}
+		}
+
+		location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+			add_header Cache-Control "no-store";
+			add_header X-Frame-Options "SAMEORIGIN";
+			expires off;
+
+			if (!-f $request_filename) {
+				rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+			}
+		}
+
+		if (!-f $request_filename) {
+			rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+		}
+
+		add_header X-Frame-Options "SAMEORIGIN";
+	}
+
+	location /media/ {
+		try_files $uri $uri/ /get.php?$args;
+
+		location ~ ^/media/theme_customization/.*\.xml {
+			deny all;
+		}
+
+		location ~* \.(ico|jpg|jpeg|png|webp|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+			try_files $uri $uri/ /get.php?$args;
+
+			add_header Cache-Control "public";
+			add_header X-Frame-Options "SAMEORIGIN";
+			expires +1y;
+		}
+
+		location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+			try_files $uri $uri/ /get.php?$args;
+
+			add_header Cache-Control "no-store";
+			add_header X-Frame-Options "SAMEORIGIN";
+			expires off;
+		}
+
+		add_header X-Frame-Options "SAMEORIGIN";
+	}
+
+	location /media/customer/ {
+		deny all;
+	}
+
+	location /media/downloadable/ {
+		deny all;
+	}
+
+	location /media/import/ {
+		deny all;
+	}
+
+	# PHP entry point for main application
+	location ~ (index|get|static|report|404|503)\.php$ {
+		try_files $uri =404;
+
+		include /etc/nginx/fastcgi_params;
+
+		fastcgi_buffers 1024 4k;
+		fastcgi_connect_timeout 600s;
+		fastcgi_read_timeout 600s;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+		fastcgi_pass %backend_lsnr%;
+
+		include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+	}
+
+	# Banned locations (only reached if the earlier PHP entry point regexes don't match)
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}