server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 root /prestashop; index index.php index.html index.htm; # Make site accessible from http://localhost/ server_name _; # Add stdout logging error_log /dev/stdout info; access_log /dev/stdout; # Redirect 404 errors to prestashop error_page 404 /index.php?controller=404; # Gzip Settings, convert all types. gzip on; gzip_vary on; gzip_proxied any; # Can be enhance to 5, but it can slow you server # gzip_comp_level 5; # gzip_min_length 256; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; # Symfony controllers location /admin/ { # [REQUIRED EDIT] the name of your admin directory if (!-e $request_filename) { rewrite ^/.*$ /admin/index.php last; # [REQUIRED EDIT] the name of your admin directory } } # Cloudflare / Max CDN fix location ~* \.(eot|otf|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin *; } # Do not save logs for these location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { auth_basic off; allow all; log_not_found off; access_log off; } location / { # Redirect pretty urls to index.php try_files $uri $uri/ /index.php?$args; # Images rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last; rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last; rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last; rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last; rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last; # AlphaImageLoader for IE and fancybox rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last; # Web service API rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last; # Installation sandbox rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last; } # File security # .htaccess .DS_Store .htpasswd etc location ~ /\. { deny all; } # Source code directories location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ { deny all; } # Prevent exposing other sensitive files location ~ \.(yml|log|tpl|twig|sass)$ { deny all; } # Prevent injection of php files location /upload { location ~ \.php$ { deny all; } } location /img { location ~ \.php$ { deny all; } } location ~ \.php$ { # Verify that the file exists, redirect to index if not try_files $fastcgi_script_name /index.php$uri&$args; fastcgi_index index.php; include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_pass fpm:9000; } }