server { listen 80; server_name paris12.pcf.fr; access_log off; location ~ /\.well-known/acme-challenge { allow all; default_type "text/plain"; root /var/www/grav; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name paris12.pcf.fr; root /var/www/grav; index index.html index.php; access_log off; error_log /var/log/nginx/grav/error.log; ssl_certificate /etc/letsencrypt/live/paris12.pcf.fr/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/paris12.pcf.fr/privkey.pem; location ^~ /\.well-known/acme-challenge { allow all; default_type "text/plain"; } location ^~ /cgi-bin/mailman/admin/ { return 301 https://listes.pcf.fr$request_uri; } location / { try_files $uri $uri/ /index.php?$query_string; } # deny all direct access for these folders location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } # deny running scripts inside core system folders location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny running scripts inside user folder location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } # deny access to specific files in the root folder location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; } location ~* /logements-(e|%C3%A9|é)tudiants-jc { rewrite ^.* https://cloud.paris12.pcf.fr/index.php/apps/forms/Pgoe5oGTpwAEFP6F permanent; } location ~* /pr(e|%C3%A9|é)pa-soir(e|%C3%A9|é)e-commission-culture { rewrite ^.* https://cloud.paris12.pcf.fr/index.php/s/H3YPpQsxcAN5555 permanent; } }