# Expires map map $sent_http_content_type $expires { default off; text/html epoch; text/css max; application/javascript max; ~image/ max; } server { listen 80; listen [::]:80; server_name ${SERVICE_DOMAIN}; return 301 https://$http_host$request_uri; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options "DENY" always; add_header Referrer-Policy "strict-origin" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; } server { server_name ${SERVICE_DOMAIN}; root /var/www/html/${SERVICE_DOMAIN}; index index.html index.htm; listen 443 ssl; # listen [::]:443 ipv6only=on ssl; ssl on; ssl_certificate /etc/nginx/ssl/${SERVICE_DOMAIN}/cert.pem; ssl_certificate_key /etc/nginx/ssl/${SERVICE_DOMAIN}/key.pem; include /etc/nginx/includes/ssl.conf; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options "DENY" always; add_header Referrer-Policy "strict-origin" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; include /etc/nginx/includes/gzip.conf; location / { #try_files $uri $uri/ =404; try_files $uri $uri/ /index.php?q=$uri&$args; } expires $expires; location ~* \.(js|css|xml|gz)$ { add_header Vary "Accept-Encoding"; } # custom error pages fastcgi_intercept_errors on; # make custom errors work error_page 500 502 503 504 /errors/50x.html; location = /50x.html { root /var/www/errors; } error_page 403 /errors/403.html; location = /403.html { root /var/www/errors; } error_page 404 /errors/404.html; location = /404.html { } location ^~ /.well-known/ { access_log off; log_not_found off; root /var/www/html; # autoindex off; index index.html; # "no-such-file.txt",if expected protos don't need it try_files $uri $uri/ =404; } }