
Add HTTP_HOST param, cleanup headers, and add WordPress HTTP/3 templates (#5185)

This update improves WordPress Nginx templates, adds HTTP/3 support, and introduces automation for selective `reuseport` usage.

- Added `fastcgi_param HTTP_HOST $host;` to all WordPress-related Nginx templates.
- Ensures correct host header forwarding to PHP-FPM and prevents URL resolution issues in WordPress.

- Removed `proxy_hide_header Upgrade;` from multiple `.stpl` templates where it was not applicable to FastCGI setups.

Introduced new templates and helper scripts with built-in HTTP/3 (QUIC) support:
- `wordpress-disable-xmlrpc-http3.sh`
- `wordpress-disable-xmlrpc-http3.stpl`
- `wordpress-disable-xmlrpc-http3.tpl`
- `wordpress-http3.sh`
- `wordpress-http3.stpl`
- `wordpress-http3.tpl`
- `wordpress_mu_subdir-http3.sh`
- `wordpress_mu_subdir-http3.stpl`
- `wordpress_mu_subdir-http3.tpl`

- Added scripts to automate enabling `reuseport` **only for one site** when multiple domains share the same IP, avoiding listener conflicts while supporting HTTP/3.

These changes improve compatibility, reliability, and performance for WordPress deployments on HestiaCP using Nginx + PHP-FPM.
sahsanu 2 месяцев назад
Родитель
Сommit
99405be062

+ 29 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-disable-xmlrpc-http3.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+user="$1"
+domain="$2"
+ip="$3"
+home="$4"
+
+# Build the path to the domain's configuration directory.
+domain_conf_path="${home}/${user}/conf/web/${domain}"
+
+# Path to the Nginx SSL configuration file for this domain.
+nginx_conf="${domain_conf_path}/nginx.ssl.conf"
+
+# Check if any file under /etc/nginx/conf.d/domains/ contains a line
+# with this IP followed by “quic reuseport;”. If not, proceed.
+if ! grep -qR "${ip}.*quic reuseport" /etc/nginx/conf.d/domains/; then
+	# Modify the domain's nginx config: replace "quic" with "quic reuseport"
+	# to enable the reuseport option for QUIC.
+	sed -i.bak 's/quic/quic reuseport/' "$nginx_conf"
+	# Test the nginx configuration to ensure it is valid.
+	if nginx_check="$(nginx -t)"; then
+		rm -f "${nginx_conf}.bak"
+		systemctl reload nginx
+	else
+		echo "Error: nginx conf is not valid" >&2
+		echo "$nginx_check" >&2
+		echo "Restoring nginc.ssl.conf backup file"
+		mv "${nginx_conf}.bak" "${nginx_conf}"
+	fi
+fi
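Review bot: Both patterns in this script are unanchored: the `grep` that looks for an existing `quic reuseport` interpolates `$ip` as a regex with unescaped dots and nothing delimiting its end, and the `sed` rewrites the first `quic` on every line of nginx.ssl.conf instead of only the `listen … quic;` directive. As a constructed example, a check for 10.0.0.1 is satisfied by a listener on 10.0.0.10, and a domain name or log path containing "quic" would be edited as well. Separately, `nginx -t` reports on stderr, so `nginx_check` stays empty unless the call is `nginx -t 2>&1`, and the failure branch ends with the exit status of `mv`, so the caller cannot tell that the change was rolled back. The same script is added as wordpress-http3.sh and wordpress_mu_subdir-http3.sh, so the changes below apply to all three.

```bash
# … unchanged: argument assignments and nginx_conf path …
# Escape the dots so the address is matched literally.
ip_re="${ip//./\\.}"
if ! grep -qRE "listen[[:space:]]+${ip_re}:[0-9]+[[:space:]]+quic[[:space:]]+reuseport" /etc/nginx/conf.d/domains/; then
	# Touch only this address's "listen … quic;" directive.
	sed -i.bak -E "s/^([[:space:]]*listen[[:space:]]+${ip_re}:[0-9]+[[:space:]]+quic)([[:space:]]*;)/\1 reuseport\2/" "$nginx_conf"
	if nginx_check="$(nginx -t 2>&1)"; then
		# … unchanged: remove the backup and reload nginx …
	else
		# … unchanged: error messages and restore of the backup …
		exit 1
	fi
fi
```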

+ 104 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-disable-xmlrpc-http3.stpl

@@ -0,0 +1,104 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_ssl_port% quic;
+	listen      %ip%:%web_ssl_port% ssl;
+	server_name %domain_idn% %alias_idn%;
+	root        %sdocroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate     %ssl_pem%;
+	ssl_certificate_key %ssl_key%;
+	#Commented out ssl_stapling directives due to Lets Encrypt ending OCSP support in 2025
+	#ssl_stapling        on;
+	#ssl_stapling_verify on;
+
+	# TLS 1.3 0-RTT anti-replay
+	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
+	if ($anti_replay = 425) { return 425; }
+
+        # Add support to HTTP/3
+        add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location = /xmlrpc.php {
+			deny all;
+			access_log off;
+			log_not_found off;
+			return 403;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}
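Review bot: The `add_header Alt-Svc …` line sits at server level, and nginx inherits `add_header` into a location only when that location declares no `add_header` of its own. If the `nginx.fastcgi_cache.conf*` include inside the PHP location (its contents are not visible in this commit) sets a response header, PHP responses would carry neither Alt-Svc nor whatever `nginx.hsts.conf*` adds; please confirm, and repeat the headers there if so. The header also lacks `always`, so error responses will not advertise HTTP/3, and these two lines are indented with spaces where the rest of the file uses tabs. The same lines appear in wordpress-http3.stpl and wordpress_mu_subdir-http3.stpl.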

+ 89 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-disable-xmlrpc-http3.tpl

@@ -0,0 +1,89 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location = /xmlrpc.php {
+				deny all;
+				access_log off;
+				log_not_found off;
+				return 403;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}
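Review bot: The `location = /xmlrpc.php` block is nested inside `location /` in this file, while the matching .stpl declares it at server level, and in both files it is indented one level deeper than its siblings. Keeping the block in the same position in both templates makes it easier to verify that the HTTP and HTTPS vhosts block the same endpoint. `deny all;` is also redundant next to `return 403;`, because `return` is evaluated in the rewrite phase before access rules run, so one of the two is enough.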

+ 1 - 2
install/deb/templates/web/nginx/php-fpm/wordpress-disable-xmlrpc.stpl

@@ -69,6 +69,7 @@ server {
 			fastcgi_index index.php;
 			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 
@@ -93,8 +94,6 @@ server {
 		include %home%/%user%/web/%domain%/stats/auth.conf*;
 	}
 
-	proxy_hide_header Upgrade;
-
 	include /etc/nginx/conf.d/phpmyadmin.inc*;
 	include /etc/nginx/conf.d/phppgadmin.inc*;
 	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-disable-xmlrpc.tpl

@@ -58,6 +58,7 @@ server {
 
 			fastcgi_index index.php;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 

+ 29 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-http3.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+user="$1"
+domain="$2"
+ip="$3"
+home="$4"
+
+# Build the path to the domain's configuration directory.
+domain_conf_path="${home}/${user}/conf/web/${domain}"
+
+# Path to the Nginx SSL configuration file for this domain.
+nginx_conf="${domain_conf_path}/nginx.ssl.conf"
+
+# Check if any file under /etc/nginx/conf.d/domains/ contains a line
+# with this IP followed by “quic reuseport;”. If not, proceed.
+if ! grep -qR "${ip}.*quic reuseport" /etc/nginx/conf.d/domains/; then
+	# Modify the domain's nginx config: replace "quic" with "quic reuseport"
+	# to enable the reuseport option for QUIC.
+	sed -i.bak 's/quic/quic reuseport/' "$nginx_conf"
+	# Test the nginx configuration to ensure it is valid.
+	if nginx_check="$(nginx -t)"; then
+		rm -f "${nginx_conf}.bak"
+		systemctl reload nginx
+	else
+		echo "Error: nginx conf is not valid" >&2
+		echo "$nginx_check" >&2
+		echo "Restoring nginc.ssl.conf backup file"
+		mv "${nginx_conf}.bak" "${nginx_conf}"
+	fi
+fi

+ 97 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-http3.stpl

@@ -0,0 +1,97 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_ssl_port% quic;
+	listen      %ip%:%web_ssl_port% ssl;
+	server_name %domain_idn% %alias_idn%;
+	root        %sdocroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate     %ssl_pem%;
+	ssl_certificate_key %ssl_key%;
+	#Commented out ssl_stapling directives due to Lets Encrypt ending OCSP support in 2025
+	#ssl_stapling        on;
+	#ssl_stapling_verify on;
+
+	# TLS 1.3 0-RTT anti-replay
+	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
+	if ($anti_replay = 425) { return 425; }
+
+	# Add support to HTTP/3
+        add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}
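Review bot: The dot before `php` is unescaped in `location ~* /(?:uploads|files)/.*.php$`, so it matches any character there; `location ~* /(?:uploads|files)/.*\.php$` states the intent. The same applies to `wp-.*.php|xmlrpc.php|index.php` in the `$no_cache` test. Both patterns err towards denying or not caching, so this is a precision and readability fix only, and it applies to all six templates added in this commit.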

+ 82 - 0
install/deb/templates/web/nginx/php-fpm/wordpress-http3.tpl

@@ -0,0 +1,82 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}
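Review bot: `fastcgi_param HTTP_HOST $host;` needs a short comment saying why it overrides the client's header, for example `# pass nginx's normalised host to PHP-FPM (HTTP/3 clients may send :authority and no Host header)`. Two caveats are worth recording with it: `$host` carries no port, so a site served on a non-default port may see WordPress build URLs without it, and `$host` is still derived from the request, so if this server block ever acts as the default for its IP an unexpected host name reaches PHP. The same line is added to every other WordPress template this commit creates or patches.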

+ 1 - 2
install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -62,6 +62,7 @@ server {
 			fastcgi_index index.php;
 			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 
@@ -86,8 +87,6 @@ server {
 		include %home%/%user%/web/%domain%/stats/auth.conf*;
 	}
 
-	proxy_hide_header Upgrade;
-
 	include /etc/nginx/conf.d/phpmyadmin.inc*;
 	include /etc/nginx/conf.d/phppgadmin.inc*;
 	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/wordpress.tpl

@@ -51,6 +51,7 @@ server {
 
 			fastcgi_index index.php;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 

+ 29 - 0
install/deb/templates/web/nginx/php-fpm/wordpress_mu_subdir-http3.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+user="$1"
+domain="$2"
+ip="$3"
+home="$4"
+
+# Build the path to the domain's configuration directory.
+domain_conf_path="${home}/${user}/conf/web/${domain}"
+
+# Path to the Nginx SSL configuration file for this domain.
+nginx_conf="${domain_conf_path}/nginx.ssl.conf"
+
+# Check if any file under /etc/nginx/conf.d/domains/ contains a line
+# with this IP followed by “quic reuseport;”. If not, proceed.
+if ! grep -qR "${ip}.*quic reuseport" /etc/nginx/conf.d/domains/; then
+	# Modify the domain's nginx config: replace "quic" with "quic reuseport"
+	# to enable the reuseport option for QUIC.
+	sed -i.bak 's/quic/quic reuseport/' "$nginx_conf"
+	# Test the nginx configuration to ensure it is valid.
+	if nginx_check="$(nginx -t)"; then
+		rm -f "${nginx_conf}.bak"
+		systemctl reload nginx
+	else
+		echo "Error: nginx conf is not valid" >&2
+		echo "$nginx_check" >&2
+		echo "Restoring nginc.ssl.conf backup file"
+		mv "${nginx_conf}.bak" "${nginx_conf}"
+	fi
+fi

+ 104 - 0
install/deb/templates/web/nginx/php-fpm/wordpress_mu_subdir-http3.stpl

@@ -0,0 +1,104 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_ssl_port% quic;
+	listen      %ip%:%web_ssl_port% ssl;
+	server_name %domain_idn% %alias_idn%;
+	root        %sdocroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate     %ssl_pem%;
+	ssl_certificate_key %ssl_key%;
+	#Commented out ssl_stapling directives due to Lets Encrypt ending OCSP support in 2025
+	#ssl_stapling        on;
+	#ssl_stapling_verify on;
+
+	# TLS 1.3 0-RTT anti-replay
+	if ($anti_replay = 307) { return 307 https://$host$request_uri; }
+	if ($anti_replay = 425) { return 425; }
+
+        # Add support to HTTP/3
+        add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	# Rewrite requests to /wp-.* on subdirectory installs.
+	if (!-e $request_filename) {
+		rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+		rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
+		rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
+	}
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

+ 89 - 0
install/deb/templates/web/nginx/php-fpm/wordpress_mu_subdir-http3.tpl

@@ -0,0 +1,89 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
+server {
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	# Rewrite requests to /wp-.* on subdirectory installs.
+	if (!-e $request_filename) {
+		rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+		rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
+		rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
+	}
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		try_files $uri $uri/ /index.php?$args;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		location ~* /(?:uploads|files)/.*.php$ {
+			deny all;
+			return 404;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			try_files $uri =404;
+
+			include /etc/nginx/fastcgi_params;
+
+			fastcgi_index index.php;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
+
+			fastcgi_pass %backend_lsnr%;
+
+			include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+
+			if ($request_uri ~* "/wp-admin/|/wp-json/|wp-.*.php|xmlrpc.php|index.php|/store.*|/cart.*|/my-account.*|/checkout.*") {
+				set $no_cache 1;
+			}
+
+			if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart|woocommerce_cart_hash|PHPSESSID") {
+				set $no_cache 1;
+			}
+		}
+	}
+
+	location /error/ {
+		alias %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

+ 1 - 2
install/deb/templates/web/nginx/php-fpm/wordpress_mu_subdir.stpl

@@ -69,6 +69,7 @@ server {
 			fastcgi_index index.php;
 			fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 
@@ -93,8 +94,6 @@ server {
 		include %home%/%user%/web/%domain%/stats/auth.conf*;
 	}
 
-	proxy_hide_header Upgrade;
-
 	include /etc/nginx/conf.d/phpmyadmin.inc*;
 	include /etc/nginx/conf.d/phppgadmin.inc*;
 	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/wordpress_mu_subdir.tpl

@@ -58,6 +58,7 @@ server {
 
 			fastcgi_index index.php;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			fastcgi_param HTTP_HOST $host;
 
 			fastcgi_pass %backend_lsnr%;
 

+ 1 - 1
install/upgrade/versions/1.9.5.sh

@@ -17,7 +17,7 @@
 ####### You can use \n within the string to create new lines.                   #######
 #######################################################################################
 
-upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
 upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
 upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
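Review bot: `UPGRADE_UPDATE_WEB_TEMPLATES` is switched to 'true' while `UPGRADE_REBUILD_USERS` three lines below stays 'no'. If the upgrade then only copies the template files (the upgrade code is not visible here), existing domains keep their generated nginx configs and will not receive the new `HTTP_HOST` parameter until they are rebuilt. Either document that a manual rebuild is needed or enable the rebuild.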