# /** # * @version 1.8.3 # * @package Engintron for cPanel/WHM # * @author Fotis Evangelou # * @url https://engintron.com # * @copyright Copyright (c) 2010 - 2017 Nuevvo Webware P.C. All rights reserved. # * @license GNU/GPL license: https://www.gnu.org/copyleft/gpl.html # */ server { listen 80 default_server; #listen [::]:80 ipv6only=on; server_name localhost; # deny all; # DO NOT REMOVE OR CHANGE THIS LINE - Used when Engintron is disabled to block Nginx from becoming an open proxy # Initialize important variables set $CACHE_BYPASS_FOR_DYNAMIC 0; set $CACHE_BYPASS_FOR_STATIC 0; set $PROXY_DOMAIN_OR_IP $host; set $PROXY_TO_PORT 8080; set $SITE_URI "$host$request_uri"; # Generic query string to request a page bypassing Nginx's caching entirely for both dynamic & static content if ($query_string ~* "nocache") { set $CACHE_BYPASS_FOR_DYNAMIC 1; set $CACHE_BYPASS_FOR_STATIC 1; } # Proxy requests to "localhost" if ($host ~* "localhost") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; } # Proxy cPanel specific subdomains if ($host ~* "^webmail\.") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; set $PROXY_TO_PORT 2095; } if ($host ~* "^cpanel\.") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; set $PROXY_TO_PORT 2082; } if ($host ~* "^whm\.") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; set $PROXY_TO_PORT 2086; } if ($host ~* "^webdisk\.") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; set $PROXY_TO_PORT 2077; } if ($host ~* "^(cpcalendars|cpcontacts)\.") { set $PROXY_DOMAIN_OR_IP "127.0.0.1"; set $PROXY_TO_PORT 2079; } # Set custom rules like domain/IP exclusions or redirects here include custom_rules; # Includes for Nginx Bad Bot Blocker include /etc/nginx/bots.d/blockbots.conf; include /etc/nginx/bots.d/ddos.conf; location / { try_files $uri $uri/ @backend; } location @backend { include proxy_params_common; # === MICRO CACHING === # Comment the following line to disable 1 second micro-caching for dynamic HTML content include proxy_params_dynamic; } # Enable browser cache for static content files (TTL is 1 hour) location ~* \.(?:json|xml|rss|atom)$ { include proxy_params_common; include proxy_params_static; expires 1h; } # Enable browser cache for CSS / JS (TTL is 30 days) location ~* \.(?:css|js)$ { include proxy_params_common; include proxy_params_static; expires 30d; } # Enable browser cache for images (TTL is 60 days) location ~* \.(?:ico|jpg|jpeg|gif|png|webp)$ { include proxy_params_common; include proxy_params_static; expires 60d; } # Enable browser cache for archives, documents & media files (TTL is 60 days) location ~* \.(?:3gp|7z|avi|bmp|bz2|csv|divx|doc|docx|eot|exe|flac|flv|gz|less|mid|midi|mka|mkv|mov|mp3|mp4|mpeg|mpg|odp|ods|odt|ogg|ogm|ogv|opus|pdf|ppt|pptx|rar|rtf|swf|tar|tbz|tgz|tiff|txz|wav|webm|wma|wmv|xls|xlsx|xz|zip)$ { set $CACHE_BYPASS_FOR_STATIC 1; include proxy_params_common; include proxy_params_static; expires 60d; } # Enable browser cache for fonts & fix @font-face cross-domain restriction (TTL is 60 days) location ~* \.(eot|ttf|otf|woff|woff2|svg|svgz)$ { include proxy_params_common; include proxy_params_static; expires 60d; add_header Access-Control-Allow-Origin *; } # Prevent logging of favicon and robot request errors location = /favicon.ico { include proxy_params_common; include proxy_params_static; expires 60d; log_not_found off; } location = /robots.txt { include proxy_params_common; include proxy_params_static; expires 1d; log_not_found off; } location = /nginx_status { stub_status; access_log off; log_not_found off; # Uncomment the following 2 lines to make the Nginx status page private. # If you do this and you have Munin installed, graphs for Nginx will stop working. #allow 127.0.0.1; #deny all; } location = /whm-server-status { proxy_pass http://127.0.0.1:8080; # Comment the following 2 lines to make the Apache status page public allow 127.0.0.1; deny all; } # Deny access to files like .htaccess or .htpasswd location ~ /\.ht { deny all; } }