%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /var/lib/letsencrypt/backups/1717750721.690581/
Upload File :
Create Path :
Current File : //var/lib/letsencrypt/backups/1717750721.690581/knihkupectvi-monami.cz_17

# Expires map
map $sent_http_content_type $expires_monami {
    default                    off;
    text/html                  epoch;
    text/css                   24h;
    application/javascript     24h;
    application/x-javascript   24h;
    application/octet-stream   7d;
    ~image/                    30d;
}

server {
	listen 10.27.27.5:443 ssl http2; 
	server_name www.knihkupectvi-monami.cz;

	expires $expires_monami;
	# CSP nonce
#	 set_secure_random_alphanum $cspNonce 64;
	set $cspNonce $request_id;
	 sub_filter_once off;
     sub_filter_types *;
     sub_filter "<script " "<script nonce='$cspNonce' ";
     sub_filter " style=" " nonce='$cspNonce' style=";
	
	include ssl_params;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
add_header "Content-Security-Policy-Report-Only" "style-src 'self' 'nonce-$cspNonce' fonts.googleapis.com cdn-monami.varak.cloud; img-src 'self' profile.prestashop.com www.paypal.com gamification.prestashop.com maps.google.com maps.googleapis.com maps.gstatic.com addons.prestashop.com cdn-monami.varak.cloud; frame-src www.facebook.com staticxx.facebook.com 'self' web.facebook.com api.prestashop.com www.youtube.com addons.prestashop.com; script-src 'self' 'nonce-$cspNonce' connect.facebook.net maps.googleapis.com maps.google.com www.google.com www.gstatic.com cdn-monami.varak.cloud; font-src 'self' fonts.gstatic.com cdn-monami.varak.cloud; default-src 'self' fonts.gstatic.com; form-action 'self'; connect-src 'self'; object-src www.youtube.com; script-src-elem cdn-monami.varak.cloud; style-src-elem cdn-monami.varak.cloud; report-uri https://waritko.report-uri.com/r/d/csp/wizard";
add_header "Report-To" '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://waritko.report-uri.com/a/d/g"}],"include_subdomains":true}';
add_header "NEL" '{"report_to":"default","max_age":31536000,"include_subdomains":true}';
	error_page 404 /404.php;
	
		location / {
		root   /www/knihkupectvi-monami.cz/www.knihkupectvi-monami.cz;
		index  index.html index.htm index.php;
		autoindex off;
#    try_files $uri $uri/ /index.php?$args;

############ PRASACKY REWRITE #######################
#rewrite img/([0-9]+)/([0-9]+)/?$ /img.php?id=$1&size=$2 ;
#rewrite img/([0-9]+)/big/?$ /img.php?id=$1&bulk=big ;
#rewrite "sortiment/([0-9a-f]{32})/([0-9]+)/?$" /index.php?page=sortiment&sid=$1&offset=$2 ;
#rewrite sortiment/([0-9]+)/?$ /index.php?page=sortiment&offset=$1 ;
#rewrite "sortiment/([a-z0-9\-]+)/([0-9a-f]{32})/?$" /index.php?page=sortiment&ktg=$1&sid=$2 ;
#rewrite sortiment/([a-z0-9\-]+)/?$ /index.php?page=sortiment&ktg=$1 ;
#rewrite "sortiment/([0-9a-f]{32})/([0-9]+)/([^/]+)/([^/]+)/([^/]+)/([0-9]+)/?$" /index.php?page=sortiment&sid=$1&offset=$2&listby=$3&sort=$4&style=$5&limit=$6 ;
#rewrite sortiment/([0-9]+)/([^/]+)/([^/]+)/([^/]+)/([0-9]+)/?$ /index.php?page=sortiment&offset=$1&listby=$2&sort=$3&style=$4&limit=$5 ;
#rewrite "detail-zbozi/([0-9a-f]{32})/([0-9]+)/?$" /index.php?page=detail-zbozi&sid=$1&offset=$2 ;
#rewrite detail-zbozi/([a-z0-9\-]+)/([0-9]+)/?$ /index.php?page=detail-zbozi&id=$1&offset=$2 ;
#rewrite "detail-zbozi/([a-z0-9\-]+)/([0-9a-f]{32})/?$" /index.php?page=detail-zbozi&id=$1&sid=$2 ;
#rewrite detail-zbozi/([a-z0-9\-]+)/?$ /index.php?page=detail-zbozi&id=$1 ;
#rewrite "nakupni-kosik/add/([0-9]+)/([0-9]+)/([0-9a-f]{32})/?$" /index.php?page=nakupni-kosik&action=add&id=$1&pocet=$2&sid=$3 ;
#rewrite nakupni-kosik/add/([0-9]+)/([0-9]+)/?$ /index.php?page=nakupni-kosik&action=add&id=$1&pocet=$2 ;
#rewrite "nakupni-kosik/update/([0-9]+)/([0-9]+)/([0-9a-f]{32})/?$" /index.php?page=nakupni-kosik&action=update&id=$1&pocet=$2&sid=$3 ;
#rewrite nakupni-kosik/update/([0-9]+)/([0-9]+)/?$ /index.php?page=nakupni-kosik&action=update&id=$1&pocet=$2 ;
#rewrite "nakupni-kosik/remove/([0-9]+)/([0-9a-f]{32})/?$" /index.php?page=nakupni-kosik&action=remove&id=$1&sid=$2 ;
#rewrite nakupni-kosik/remove/([0-9]+)/?$ /index.php?page=nakupni-kosik&action=remove&id=$1 ;
#rewrite "goto_login/([^/]+)/([0-9a-f]{32})/?$" /index.php?page=goto_login&jdina=$1&sid=$2 ;
#rewrite goto_login/([^/]+)/?$ /index.php?page=goto_login&jdina=$1 ;
#rewrite goto_login//?$ /index.php?page=uvodni-stranka ;
#rewrite "detail-objednavky/([0-9a-f]{32})/([0-9]+)/?$" /index.php?page=detail-objednavky&sid=$1&obj=$2 ;
#rewrite detail-objednavky/([0-9]+)/?$ /index.php?page=detail-objednavky&obj=$1 ;
#rewrite vyhledavani/([^/]+)/?$ /index.php?page=vyhledavani&akce=search&hledej=$1 ;
#rewrite "vyhledavani/([^/]+)/([^/]+)/([abcd]{1,4})/?$" /index.php?page=vyhledavani&akce=search&hledej=$1&spoj=$2&kde=$3 ;
#rewrite "vyhledavani/([^/]+)/([^/]+)/([abcd]{1,4})/([0-9]+)/([^/]+)/([^/]+)/([^/]+)/([0-9]+)/?$" /index.php?page=vyhledavani&akce=search&hledej=$1&spoj=$2&kde=$3&offset=$4&listby=$5&sort=$6&style=$7&limit=$8 ;
#rewrite "vyhledavani/([^/]+)/([^/]+)/([abcd]{1,4})/([0-9]+)/?$" /index.php?page=vyhledavani&akce=search&hledej=$1&spoj=$2&kde=$3&offset=$4 ;
#rewrite "verify/([0-9a-f]{32})/?$" /index.php?page=registrace&code=$1 ;
#rewrite ^/([^/\-][a-z0-9\-]+)/?$ /index.php?page=$1 ;
#rewrite "^/([^/\-][a-z0-9\-]+)/([0-9a-v]{32,})/?$" /index.php?page=$1&sid=$2 ;
#rewrite ^/([^/\-][a-z0-9\-]+)/?$ /index.php?page=detail-zbozi&id=$1 ;
#rewrite robots/.txt /robots.txt ;
rewrite /customDataFeed/EBD4E447-4FCD-4CD8-8EEE-5B9308C1AA03 /heureka.xml;

#################### END PRASACKY REWRITE ###################################

##### Alien CONF

    location = /install/sandbox/anything.php {
        rewrite .* /install/sandbox/test.php last;
    }

    # Pass API requests to the webservice dispatcher
    location ^~ /api/ {
        rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
    }

    # Block all files starting with ., like .htaccess
    location ~ /\. {
        deny all;
    }

    # Block all files with these extensions
    location ~ \.(md|tpl)$ {
        deny all;
    }

    # Directories explicitly allowed in directories blocked below
    location ~ ^/docs/csv_import/ {
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/(adminjanicka22/backups|adminjanicka22/export|adminjanicka22/import|adminjanicka22/tabs|classes|config|docs|download|install666|localization|log|override|tools|translations)/ {
        deny all;
    }

    # 1 month expiry on other static stuff
    # Also do the friendly URL rewrites
    location ~* \.(eot|gif|ico|jpg|jpeg|otf|pdf|png|svg|swf|ttf|woff)$ {
        rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg break;
        rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg break;
        rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg break;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg break;
        rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 break;
        # next line is PSCSX-2790 bug workaround, fixed in 1.6.0.10
        rewrite ^/[a-zA-Z]+/img/cms/(.*)$ /img/cms/$1 break;
#        expires 1M;
#        add_header Cache-Control public;
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/img/cms/ {
        deny all;
    }

    # 1 week expiry on CSS and JavaScript
#    location ~ \.(css|js)$ {
#        expires 1w;
#        add_header Cache-Control public;
#        allow all;
#    }

    # The rest is either served directly or passed on to the dispatcher
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

	}
	location ~ \.php$ {
		include fastcgi_params;
		fastcgi_pass  127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME    /www/knihkupectvi-monami.cz/www.knihkupectvi-monami.cz$fastcgi_script_name;
	}

	location /img {
		return 301 https://cdn-monami.varak.cloud$request_uri;
	}


}

server { 
   listen 10.27.27.5:80;  listen 127.0.0.1;
    server_name  knihkupectvi-monami.cz;
    return       301 https://www.knihkupectvi-monami.cz$request_uri;
}
server {
    listen 10.27.27.5:443 ssl http2; 
    server_name  knihkupectvi-monami.cz;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
    return       301 https://www.knihkupectvi-monami.cz$request_uri;


}
server { 
   listen 10.27.27.5:80;  listen 127.0.0.1;
    server_name  www.knihkupectvi-monami.cz;
    return       301 https://www.knihkupectvi-monami.cz$request_uri;
}

server {
        listen 10.27.27.5:80; 
        server_name demo.knihkupectvi-monami.cz;

#    include ssl_params;
#    ssl_certificate  /home/waritko/cert/varak_net.pem;
#    ssl_certificate_key  /home/waritko/cert/varak_net.key;
#    add_header "Public-Key-Pins-Report-Only" "pin-sha256=\"DEfB6oZEqmVbw7xhj3OT9urxywTO046j4eXuwPGbiBU=\"; pin-sha256=\"yeZsqWj0RbVofoH5G1eVLjgyrq7CVZIQGuuVVaOw3qY=\"; max-age=60; report-uri=\"https://report-uri.io/report/495632cc5dc0e8992e03505ce3bcfaf7/reportOnly\"";

    root   /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz;
    index  index.html index.htm index.php;
    autoindex off;
    autoindex_exact_size off;

    ##### Alien CONF

    location = /install/sandbox/anything.php {
        rewrite .* /install/sandbox/test.php last;
    }

    # Pass API requests to the webservice dispatcher
    location ^~ /api/ {
        rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
    }

    # Block all files starting with ., like .htaccess
    location ~ /\. {
        deny all;
    }

    # Block all files with these extensions
    location ~ \.(md|tpl)$ {
        deny all;
    }

    # Directories explicitly allowed in directories blocked below
    location ~ ^/docs/csv_import/ {
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/(adminjanicka22/backups|adminjanicka22/export|adminjanicka22/import|adminjanicka22/tabs|classes|config|docs|download|install666|localization|log|override|tools|translations)/ {
        deny all;
    }

    # 1 month expiry on other static stuff
    # Also do the friendly URL rewrites
    location ~* \.(eot|gif|ico|jpg|jpeg|otf|pdf|png|svg|swf|ttf|woff)$ {
        rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg break;
        rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg break;
        rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg break;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg break;
        rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 break;
        # next line is PSCSX-2790 bug workaround, fixed in 1.6.0.10
        rewrite ^/[a-zA-Z]+/img/cms/(.*)$ /img/cms/$1 break;
#        expires 1M;
#        add_header Cache-Control public;
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/img/cms/ {
        deny all;
    }

    # 1 week expiry on CSS and JavaScript
#    location ~ \.(css|js)$ {
#        expires 1w;
#        add_header Cache-Control public;
#        allow all;
#    }

    # The rest is either served directly or passed on to the dispatcher
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    ## END ALIEN

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz$fastcgi_script_name;
#        fastcgi_param HTTPS On;
#        fastcgi_param SSL On;
    }
}



server {
        listen 10.27.27.5:443 ssl http2; 
        server_name demo.knihkupectvi-monami.cz;

    include ssl_params;
ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot

#    add_header "Public-Key-Pins-Report-Only" "pin-sha256=\"DEfB6oZEqmVbw7xhj3OT9urxywTO046j4eXuwPGbiBU=\"; pin-sha256=\"yeZsqWj0RbVofoH5G1eVLjgyrq7CVZIQGuuVVaOw3qY=\"; max-age=60; report-uri=\"https://report-uri.io/report/495632cc5dc0e8992e03505ce3bcfaf7/reportOnly\"";

    root   /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz;
    index  index.html index.htm index.php;
    autoindex off;
    autoindex_exact_size off;

    ##### Alien CONF 

    location = /install/sandbox/anything.php {
        rewrite .* /install/sandbox/test.php last;
    }

    # Pass API requests to the webservice dispatcher
    location ^~ /api/ {
        rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
    }

    # Block all files starting with ., like .htaccess
    location ~ /\. {
        deny all;
    }

    # Block all files with these extensions
    location ~ \.(md|tpl)$ {
        deny all;
    }

    # Directories explicitly allowed in directories blocked below
    location ~ ^/docs/csv_import/ {
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/(adminjanicka22/backups|adminjanicka22/export|adminjanicka22/import|adminjanicka22/tabs|classes|config|docs|download|install666|localization|log|override|tools|translations)/ {
        deny all;
    }

    # 1 month expiry on other static stuff
    # Also do the friendly URL rewrites
    location ~* \.(eot|gif|ico|jpg|jpeg|otf|pdf|png|svg|swf|ttf|woff)$ {
        rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg break;
        rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg break;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg break;
        rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg break;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg break;
        rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 break;
        # next line is PSCSX-2790 bug workaround, fixed in 1.6.0.10
        rewrite ^/[a-zA-Z]+/img/cms/(.*)$ /img/cms/$1 break;
#        expires 1M;
#        add_header Cache-Control public;
        allow all;
    }

    # Block everything else in these directories
    location ~ ^/img/cms/ {
        deny all;
    }

    # 1 week expiry on CSS and JavaScript
#    location ~ \.(css|js)$ {
#        expires 1w;
#        add_header Cache-Control public;
#        allow all;
#    }

    # The rest is either served directly or passed on to the dispatcher
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    ## END ALIEN

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME    /www/knihkupectvi-monami.cz/demo.knihkupectvi-monami.cz$fastcgi_script_name;
        fastcgi_param HTTPS On;
        fastcgi_param SSL On;
    }

}


server {
	listen 10.27.27.5:443 ssl http2; 
	server_name galerie.knihkupectvi-monami.cz;
#       rewrite_log on;
	
	include ssl_params;
    ssl_certificate /etc/certificates/knihkupectvi-monami.cz.pem; # managed by Certbot
    ssl_certificate_key /etc/certificates/knihkupectvi-monami.cz.key; # managed by Certbot
#	error_page 404 /404.php;
    root   /www/knihkupectvi-monami.cz/galerie.knihkupectvi-monami.cz;
    index  index.html index.htm index.php;


	
#	rewrite /customDataFeed/EBD4E447-4FCD-4CD8-8EEE-5B9308C1AA03 /heureka.xml;



set $admin_dir /adminjanicka22;

location ~ /(international|_profiler|module|product|feature|attribute|supplier|combination|specific-price)/(.*)$ {
      	try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;    	
    }


    # Redirect needed to "hide" index.php
    location / {
        try_files $uri $uri/ /index.php?$uri&$args;

        # Old image system ?
        rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
       rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
        rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
        rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
        rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;

    }
    
    error_page 404 /index.php?controller=404;

   # Pass API requests to the webservice dispatcher
    location ^~ /api/ {
        rewrite ^/api/(.*) /webservice/dispatcher.php?url=$1 last;
    }


    # Cloudflare / Max CDN fix
    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

#    location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
#      expires max;
#      log_not_found off;
#      add_header Pragma public;
#      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
#    }

    # Deny access to .htaccess .DS_Store .htpasswd etc
    location ~ /\. {
        deny all;
    }

    # PHP 7 FPM part
    location ~ [^/]\.php(/|$) {

        fastcgi_index index.php;

        # Switch if needed
        include /etc/nginx/fastcgi_params;
        #include fcgi.conf;

        # Do not forget to update this part if needed
        fastcgi_pass 127.0.0.1:9000;  
        #fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        
        fastcgi_keep_conn on;
#        fastcgi_read_timeout 30s;
#        fastcgi_send_timeout 30s;

        # In case of long loading or 502 / 504 errors
        # fastcgi_buffer_size 256k;
        # fastcgi_buffers 256 16k;
        # fastcgi_busy_buffers_size 256k;
        client_max_body_size 10M;

        # Temp file tweak
        fastcgi_max_temp_file_size 0;
        fastcgi_temp_file_write_size 256k;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

   }

   # Allow access to robots.txt but disable logging every access
#   location = /robots.txt {
#       allow all;
#       log_not_found off;
#       access_log off;
#   }


   # Prevent injection of php files in directories a user can upload stuff
   location /upload {
       location ~ \.php$ { deny all; }
   }
   location /img {
       location ~ \.php$ {  deny all;}
   }

   # Ban access to source code directories
#   location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
#      deny all;
#   }

   # Banned file types
   location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
       deny all;
   }



#    ssl_trusted_certificate /etc/letsencrypt/live/beta.knihkupectvi-monami.cz/chain.pem; # managed by Certbot
#    ssl_stapling on; # managed by Certbot
#    ssl_stapling_verify on; # managed by Certbot


}

server { 
   listen 10.27.27.5:80;  listen 127.0.0.1;
    server_name  galerie.knihkupectvi-monami.cz;
    return       301 https://galerie.knihkupectvi-monami.cz$request_uri;
}

server {
   listen 10.27.27.5:80;  listen 127.0.0.1;
    server_name  cdn-monami.varak.cloud;
    return       301 https://cdn-monami.varak.cloud$request_uri;
}

server {
        listen 10.27.27.5:443 ssl http2; 
        server_name cdn-monami.varak.cloud;
	include ssl_params;
#    ssl_certificate /etc/letsencrypt/live/cdn-monami.varak.cloud/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/cdn-monami.varak.cloud/privkey.pem; # managed by Certbot
        ssl_certificate /etc/certificates/varak.cloud.pem;
	ssl_certificate_key /etc/certificates/varak.cloud.key;

        add_header 'Access-Control-Allow-Origin' '*';
	expires $expires_monami;

                location / {
                root   /www/varak.cloud/cdn-monami.varak.cloud;
                index  index.html;
                autoindex off;
                autoindex_exact_size off;
        }


}

Zerion Mini Shell 1.0