Merge remote-tracking branch 'origin/main' into feature/user-roles

bin/v-add-fastcgi-cache

@@ -81,7 +81,8 @@ cat << EOF > $fastcgi
     fastcgi_cache_valid 301 302 10m;
     fastcgi_cache_valid 404 10m;
     fastcgi_cache_bypass $no_cache;
-    fastcgi_no_cache $no_cache;  
+    fastcgi_no_cache $no_cache;
+    set $no_cache 0;
 EOF
 
 if [ ! -z "$debug" ]; then

install/deb/templates/web/nginx/php-fpm/drupal7.stpl → install/deb/templates/web/nginx/php-fpm/codeigniter.stpl

@@ -30,66 +30,33 @@ server {
         access_log off;
     }
 
-    location ~ /(changelog.txt|copyright.txt|install.mysql.txt|install.pgsql.txt|install.sqlite.txt|install.txt|license.txt|maintainers.txt|license|license.txt|readme.txt|readme.md|upgrade.txt) {
-        deny all;
-        return 404;
-    }
-
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        deny all;
-        return 404;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
-    location ~ /vendor/.*\.php$ {
+    location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
     }
 
-    location ~ /\.(?!well-known\/) {
+    location ~ /(application|system|README.md|CHANGELOG.md|LICENSE) {
         deny all;
         return 404;
     }
 
     location / {
-        try_files $uri $uri/ /index.php?$query_string;
+        try_files $uri $uri/ /index.php;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
-            try_files $uri @rewrite;
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
-        location ~ [^/]\.php(/|$)|^/update.php {
-            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
-            fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
-
-        location ~ ^/sites/.*/files/styles/ {
-            try_files $uri @rewrite;
-        }
-    }
-
-    location @rewrite {
-        rewrite ^/(.*)$ /index.php?q=$1;
     }
 
-    rewrite ^/index.php/(.*) /$1 permanent;
-
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
@@ -99,8 +66,7 @@ server {
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal7.tpl → install/deb/templates/web/nginx/php-fpm/codeigniter.tpl

@@ -11,7 +11,7 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
 
     location = /favicon.ico {
@@ -25,66 +25,33 @@ server {
         access_log off;
     }
 
-    location ~ /(changelog.txt|copyright.txt|install.mysql.txt|install.pgsql.txt|install.sqlite.txt|install.txt|license.txt|maintainers.txt|license|license.txt|readme.txt|readme.md|upgrade.txt) {
-        deny all;
-        return 404;
-    }
-
-    location ~ \..*/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        deny all;
-        return 404;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-        return 404;
-    }
-
-    location ~ /vendor/.*\.php$ {
+    location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
     }
 
-    location ~ /\.(?!well-known\/) {
+    location ~ /(application|system|README.md|CHANGELOG.md|LICENSE) {
         deny all;
         return 404;
     }
 
     location / {
-        try_files $uri $uri/ /index.php?$query_string;
+        try_files $uri $uri/ /index.php;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
-            try_files $uri @rewrite;
             expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
-        location ~ [^/]\.php(/|$)|^/update.php {
-            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+        location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
-            fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
-
-        location ~ ^/sites/.*/files/styles/ {
-            try_files $uri @rewrite;
-        }
-    }
-
-    location @rewrite {
-        rewrite ^/(.*)$ /index.php?q=$1;
     }
 
-    rewrite ^/index.php/(.*) /$1 permanent;
-
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
@@ -94,8 +61,7 @@ server {
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl

@@ -1,65 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_ssl_port% ssl http2;
-    server_name %domain_idn% %alias_idn%;
-    root        %sdocroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location = /index.php {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
-        }
-    }
-
-    location ~ \.php$ {
-        return 444;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/codeigniter2.tpl

@@ -1,60 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_port%;
-    server_name %domain_idn% %alias_idn%;
-    root        %docroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
-    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location = /index.php {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
-        }
-    }
-
-    location ~ \.php$ {
-        return 444;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl

@@ -1,60 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_ssl_port% ssl http2;
-    server_name %domain_idn% %alias_idn%;
-    root        %sdocroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location ~ [^/]\.php(/|$) {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-        }
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }    
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/codeigniter3.tpl

@@ -1,56 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_port%;
-    server_name %domain_idn% %alias_idn%;
-    root        %docroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
-    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location ~ [^/]\.php(/|$) {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-        }
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/drupal-composer.stpl

@@ -1,3 +1,8 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
     server_name %domain_idn% %alias_idn%;
@@ -60,8 +65,15 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            set $no_cache 0;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -88,4 +100,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal-composer.tpl

@@ -1,3 +1,8 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
 server {
     listen      %ip%:%web_port%;
     server_name %domain_idn% %alias_idn%;
@@ -56,8 +61,14 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -84,4 +95,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal-social.stpl

@@ -1,3 +1,8 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
     server_name %domain_idn% %alias_idn%;
@@ -60,8 +65,14 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -88,4 +99,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal-social.tpl

@@ -1,3 +1,8 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
 server {
     listen      %ip%:%web_port%;
     server_name %domain_idn% %alias_idn%;
@@ -56,8 +61,14 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -84,4 +95,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal8.stpl → install/deb/templates/web/nginx/php-fpm/drupal.stpl

@@ -76,7 +76,13 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -103,4 +109,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal8.tpl → install/deb/templates/web/nginx/php-fpm/drupal.tpl

@@ -72,7 +72,13 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/user/|/admin/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
         }
 
         location ~ ^/sites/.*/files/styles/ {
@@ -99,4 +105,3 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }
-

install/deb/templates/web/nginx/php-fpm/drupal6.stpl

@@ -1,98 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_ssl_port% ssl http2;
-    server_name %domain_idn% %alias_idn%;
-    root        %sdocroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
-
-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-    }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-    
-    location / {
-        try_files $uri @rewrite;
-    }
-
-    location @rewrite {
-        rewrite ^/(.*)$ /index.php?q=$1;
-    }
-    
-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }    
-
-    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
-
-    location ~ ^/sites/.*/files/imagecache/ {
-        try_files $uri @rewrite;
-    }    
-
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;             
-        include         /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/drupal6.tpl

@@ -1,93 +0,0 @@
-#=======================================================================#
-# Default Web Domain Template                                           #
-# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
-#=======================================================================#
-
-server {
-    listen      %ip%:%web_port%;
-    server_name %domain_idn% %alias_idn%;
-    root        %docroot%;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
-    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-
-    location = /favicon.ico {
-        log_not_found off;
-        access_log off;
-    }
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
-        deny all;
-    }
-
-    location ~ \..*/.*\.php$ {
-        return 403;
-        }
-
-    location ~ ^/sites/.*/private/ {
-        return 403;
-    }
-
-    location ~ ^/sites/[^/]+/files/.*\.php$ {
-        deny all;
-    }
-
-    location / {
-        try_files $uri @rewrite;
-    }
-
-    location @rewrite {
-        rewrite ^/(.*)$ /index.php?q=$1;
-    }
-    
-    location ~ /vendor/.*\.php$ {
-        deny all;
-        return 404;
-    }    
-
-    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-        try_files $uri @rewrite;
-        expires max;
-        log_not_found off;
-    }
-
-    location ~ ^/sites/.*/files/imagecache/ {
-        try_files $uri @rewrite;
-    }
-        
-    location ~ '\.php$|^/update.php' {
-        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass %backend_lsnr%;             
-        include         /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
-}

install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -6,7 +6,7 @@
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
     server_name %domain_idn% %alias_idn%;
-    root        %sdocroot%;
+    root        %docroot%;
     index       index.php index.html index.htm;
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
@@ -19,54 +19,57 @@ server {
 
     include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+        deny all;
+        return 404;
+    }
+
     location / {
         try_files $uri $uri/ /index.php?$args;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
-        # deny running scripts inside writable directories
-        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
-            return 403;
-            error_page 403 /403_error.html;
-        }
-
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            if ($request_uri ~* "/administrator/|index.php") {
+                set $no_cache 1;
+            }
         }
     }
 
-    error_page 403 /error/404.html;
-    error_page 404 /error/404.html;
-    error_page 410 /error/410.html;
-    error_page 500 502 503 504 /error/50x.html;
-
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) {
-        deny all;
-        return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/joomla.tpl

@@ -11,57 +11,60 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
 
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+        deny all;
+        return 404;
+    }
+
     location / {
         try_files $uri $uri/ /index.php?$args;
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
-        # deny running scripts inside writable directories
-        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
-            return 403;
-            error_page 403 /403_error.html;
-        }
-
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            if ($request_uri ~* "/administrator/|index.php") {
+                set $no_cache 1;
+            }
         }
     }
 
-    error_page 403 /error/404.html;
-    error_page 404 /error/404.html;
-    error_page 410 /error/410.html;
-    error_page 500 502 503 504 /error/50x.html;
-
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) {
-        deny all;
-        return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/laravel.stpl

@@ -16,26 +16,39 @@ server {
     ssl_certificate_key  %ssl_key%;
     ssl_stapling on;
     ssl_stapling_verify on;
-    
+
     include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
     location / {
-        try_files $uri $uri/ /index.php?$query_string;
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 
@@ -43,17 +56,12 @@ server {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) {
-        deny all;
-        return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/laravel.tpl

@@ -11,25 +11,40 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
     location / {
-        try_files $uri $uri/ /index.php?$query_string;
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
         }
     }
 
@@ -37,17 +52,12 @@ server {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -19,10 +19,6 @@ server {
 
     include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
-#   if you need to rewrite www to non-www uncomment bellow
-#   if ($host != '%domain%' ) {
-#       rewrite      ^/(.*)$  https://%domain%/$1  permanent;
-#    }
     location = /favicon.ico {
         log_not_found off;
         access_log off;
@@ -34,41 +30,52 @@ server {
         access_log off;
     }
 
-    location / {
-        try_files $uri $uri/ @rewrite;
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
     }
+
+    location /core/ {
+        deny all;
+        return 404;
+    }
+
     location @rewrite {
         rewrite ^/(.*)$ /index.php?q=$1;
     }
 
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_pass %backend_lsnr%;
-        fastcgi_index index.php;
-        fastcgi_param SCRIPT_FILENAME $request_filename;
-        include /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/manager/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
     }
 
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/modx.tpl

@@ -11,12 +11,9 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-#   if you need to rewrite www to non-www uncomment bellow
-#   if ($host != '%domain%' ) {
-#       rewrite      ^/(.*)$  http://%domain%/$1  permanent;
-#    }
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;
@@ -28,41 +25,52 @@ server {
         access_log off;
     }
 
-    location / {
-        try_files $uri $uri/ @rewrite;
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location /core/ {
+        deny all;
+        return 404;
     }
+
     location @rewrite {
         rewrite ^/(.*)$ /index.php?q=$1;
     }
 
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_pass %backend_lsnr%;
-        fastcgi_index index.php;
-        fastcgi_param SCRIPT_FILENAME $request_filename;
-        include /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+    location / {
+        try_files $uri $uri/ @rewrite;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+                if ($request_uri ~* "/manager/|index.php") {
+                    set $no_cache 1;
+                }
+                if ($http_cookie ~ SESS) {
+                    set $no_cache 1;
+                }
     }
 
     location /error/ {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/sendy.stpl

@@ -6,19 +6,20 @@
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
     server_name %domain_idn% %alias_idn%;
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    ssl_stapling on;
-    ssl_stapling_verify on;
     root        %docroot%;
     index       index.php index.html index.htm;
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
 
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
     include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
 
-     location = /favicon.ico {
+    location = /favicon.ico {
         log_not_found off;
         access_log off;
     }
@@ -29,16 +30,12 @@ server {
         access_log off;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location ~ /(readme.html|license.txt) {
+    location ~ /\.(?!well-known\/) {
         deny all;
+        return 404;
     }
 
-    if (!-f $request_filename){
+    if (!-f $request_filename) {
         rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last;
     }
 
@@ -46,6 +43,7 @@ server {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ {
             expires 1d;
+            fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
@@ -54,7 +52,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location /l/ {
@@ -87,7 +85,7 @@ server {
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/sendy.tpl

@@ -11,7 +11,7 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
 
     location = /favicon.ico {
@@ -25,16 +25,12 @@ server {
         access_log off;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
-    location ~ /(readme.html|license.txt) {
+    location ~ /\.(?!well-known\/) {
         deny all;
+        return 404;
     }
 
-    if (!-f $request_filename){
+    if (!-f $request_filename) {
         rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last;
     }
 
@@ -42,6 +38,7 @@ server {
         try_files $uri $uri/ /index.php?$args;
         location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ {
             expires 1d;
+            fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
@@ -50,7 +47,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location /l/ {
@@ -83,7 +80,7 @@ server {
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -30,29 +30,36 @@ server {
         access_log off;
     }
 
-    location / {
-        try_files $uri $uri/ /index.php?$args;
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
 
-        if (!-e $request_filename)
-        {
-            rewrite ^(.+)$ /index.php?q=$1 last;
-        }
+    location ~* /(?:uploads|files)/.*.php$ {
+        deny all;
+        return 404;
+    }
 
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            if ($request_uri ~* "/wp-admin/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+                set $no_cache 1;
+            }
+            if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+                set $no_cache 1;
+            }
         }
     }
 
@@ -60,19 +67,12 @@ server {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     /etc/nginx/conf.d/webmail.inc*;
-
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/wordpress.tpl

@@ -11,9 +11,9 @@ server {
     access_log  /var/log/nginx/domains/%domain%.log combined;
     access_log  /var/log/nginx/domains/%domain%.bytes bytes;
     error_log   /var/log/nginx/domains/%domain%.error.log error;
-        
+
     include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-    
+
     location = /favicon.ico {
         log_not_found off;
         access_log off;
@@ -25,29 +25,36 @@ server {
         access_log off;
     }
 
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location ~* /(?:uploads|files)/.*.php$ {
+        deny all;
+        return 404;
+    }
+
     location / {
         try_files $uri $uri/ /index.php?$args;
-        
-        if (!-e $request_filename)
-        {
-            rewrite ^(.+)$ /index.php?q=$1 last;
-        }
-
-        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
-            expires     max;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
             fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+            if ($request_uri ~* "/wp-admin/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+                set $no_cache 1;
+            }
+            if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+                set $no_cache 1;
+            }
         }
     }
 
@@ -55,19 +62,12 @@ server {
         alias   %home%/%user%/web/%domain%/document_errors/;
     }
 
-    location ~ /\.(?!well-known\/) { 
-       deny all; 
-       return 404;
-    }
-
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;
     }
 
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     /etc/nginx/conf.d/webmail.inc*;
-
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
 }

install/upgrade/versions/1.4.0.sh

@@ -127,6 +127,24 @@ if [ ! -f "$HESTIA/conf/defaults/hestia.conf" ]; then
     cp -f $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
 fi
 
+# Consolidate nginx (standalone) templates used by active websites
+if [ "$WEB_SYSTEM" = "nginx" ]; then
+    echo "[ * ] Consolidating nginx templates for Drupal & CodeIgniter..."
+    sed -i "s|TPL='drupal6'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
+    sed -i "s|TPL='drupal7'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
+    sed -i "s|TPL='drupal8'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
+    sed -i "s|TPL='codeigniter2'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
+    sed -i "s|TPL='codeigniter3'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
+fi
+
+# Remove outdated nginx templates
+echo "[ * ] Removing outdated nginx templates..."
+rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal6.*tpl
+rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal7.*tpl
+rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal8.*tpl
+rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter2.*tpl
+rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter3.*tpl
+
 
 
 ##### COMMANDS FOR V1.5.X