+user nginx nginx;
+daemon off;
+worker_processes 4;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ keepalive_timeout 20;
+
+ client_max_body_size 10m;
+
+ index index.html index.php;
+
+ server {
+ listen 80;
+ root /var/www/shaarli;
+
+ access_log /var/log/nginx/shaarli.access.log;
+ error_log /var/log/nginx/shaarli.error.log;
+
+ location ~ /\. {
+ # deny access to dotfiles
+ access_log off;
+ log_not_found off;
+ deny all;
+ }
+
+ location ~ ~$ {
+ # deny access to temp editor files, e.g. "script.php~"
+ access_log off;
+ log_not_found off;
+ deny all;
+ }
+
+ location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+ # cache static assets
+ expires max;
+ add_header Pragma public;
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+ }
+
+ location = /favicon.ico {
+ # serve the Shaarli favicon from its custom location
+ alias /var/www/shaarli/images/favicon.ico;
+ }
+
+ location / {
+ # Slim - rewrite URLs
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location ~ (index)\.php$ {
+ # Slim - split URL path into (script_filename, path_info)
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # filter and proxy PHP requests to PHP-FPM
+ fastcgi_pass unix:/var/run/php-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi.conf;
+ }
+
+ location ~ \.php$ {
+ # deny access to all other PHP scripts
+ deny all;
+ }
+ }
+}