Here is a sample Nginx Server block for Drupal 7 website.
server {
server_name www.example.com;
root /var/www/html/example.com/;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log info;
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# This matters if you use drush
location = /backup {
deny all;
}
# Very rarely should these ever be accessed outside of your LAN
location ~* \.(txt|log)$ {
allow 127.0.0.1;
deny all;
}
location ~ \..*/.*\.php {
return 403;
}
location / {
# This is cool because no php is touched for static content
try_files $uri $uri/ @rewrite;
expires max;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location @rewrite {
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#auth_basic "Restricted Content";
#auth_basic_user_file /etc/nginx/.htpasswd;
}
}