server { listen 80; listen [::]:80; server_name YOUR_DOMAIN; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name YOUR_DOMAIN; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=31536000"; add_header X-XSS-Protection "1; mode=block"; ssl_certificate /etc/CHANGE_THIS/fullchain.pem; ssl_certificate_key /etc/CHANGE_THIS/privkey.pem; ssl_dhparam /etc/CHANGE_THIS/dhparam.pem; keepalive_timeout 70; sendfile on; client_max_body_size 20m; root /var/www/example.com; location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ { return 302 /; } location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ { return 404; } # Main rewrite ^/home/?$ / permanent; rewrite ^/login/?$ /login/login.php break; rewrite ^/auth/?$ /login/auth.php break; rewrite ^/logout/?$ /login/logout.php break; rewrite ^/terms/?$ /login/terms.php break; rewrite ^/privacy/?$ /login/privacy.php break; rewrite ^/imprint/?$ /login/imprint.php break; # LTL rewrite ^/local/?$ /local.php break; # FTL rewrite ^/federated/?$ /federated.php break; # Notice rewrite ^/notifications/?$ /notifications.php break; # Who to follow rewrite ^/whotofollow/?$ /who_to_follow.php break; # Direct rewrite ^/direct/?$ /direct.php break; # Lists rewrite ^/lists/?$ /lists.php break; rewrite ^/lists/(\d+)/?$ /lists_view.php?id=$1 break; rewrite ^/lists/(\d+)/add/?$ /lists_add.php?id=$1 break; # Search rewrite ^/search/?$ /search_hash_tag.php break; rewrite ^/search/users/?$ /search_user.php break; # Settings rewrite ^/settings/?$ /settings_general.php break; rewrite ^/settings/profile/?$ /settings_profile.php break; rewrite ^/settings/appearance/?$ /settings_appearance.php break; # User rewrite ^/@(.+)@(.+)\.([a-z]+)/?$ /user.php?user=@$1@$2\.$3 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/status/(.+?)?$ /user.php?user=@$1@$2\.$3&status=$4 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/media/?$ /user_only_media.php?user=@$1@$2\.$3 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/with_replies/?$ /user_include_replies.php?user=@$1@$2\.$3 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/followers/?$ /user_followers.php?user=@$1@$2\.$3 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/following/?$ /user_following.php?user=@$1@$2\.$3 break; rewrite ^/@(.+)@(.+)\.([a-z]+)/favourites/?$ /user_favorite.php?user=@$1@$2\.$3 break; # Image rewrite ^/avatars/original/missing.png$ /assets/images/missing.png break; rewrite ^/headers/original/missing.png$ /assets/images/missing_header.png break; # 404 rewrite ^/404/?$ /404.php break; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_buffers 8 256k; fastcgi_buffer_size 128k; fastcgi_intercept_errors on; fastcgi_pass unix:/var/run/php/php7.1-fpm.sock; } }