project_start/conf/nginx/nginx_config_prod.conf

server {
    listen 8080 ssl;

    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/javascript;

    ssl_certificate /etc/letsencrypt/live/new2.spavto96.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/new2.spavto96.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/new2.spavto96.ru/chain.pem;

    server_name  new2.spavto96.ru;

    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://adminer:8080;

        auth_basic "Restricted Content";
        auth_basic_user_file /home/passwd/.htpasswd;
    }
}

server {
    listen 80;
    listen [::]:80 default_server;

    server_name new2.spavto96.ru;

    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
    }

    location ^~ /img/ {
        alias /var/www/html/public/img/;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
	listen 443 ssl;

	ssl_certificate /etc/letsencrypt/live/new2.spavto96.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/new2.spavto96.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/new2.spavto96.ru/chain.pem;

	server_name www.new2.spavto96.ru;

	return 301 https://new2.spavto96.ru$request_uri;
}

server {
    listen 443 ssl http2;

    gzip on;
    gzip_comp_level 5;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/javascript;

    ssl_certificate /etc/letsencrypt/live/new2.spavto96.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/new2.spavto96.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/new2.spavto96.ru/chain.pem;

    client_max_body_size 32m;

    fastcgi_read_timeout 1m;
    proxy_read_timeout 1m;

    set $host_path "/var/www";

    server_name  new2.spavto96.ru;
    root   $host_path/html/public;
    set $bootstrap "index.php";

    charset utf-8;

    # rewrite ^/img/shop/(.*)$ /img-handler.php?img=$1 last;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        allow all;
    }

    location ~ ^/img/shop/(.*)$ {
        # Проверяем существование файла
        try_files $uri /front_img-handler.php?img=$1;
    }

    location ~ ^/img/vehicle-previews/(.*)$ {
        # Проверяем существование файла
        try_files $uri /dismantle_img-handler.php?img=356x280_$1;
    }

    location ~ ^/img/vehicle-original/(.*)$ {
        # Проверяем существование файла
        try_files $uri /dismantle_img-handler.php?img=1700x750_$1;
    }

    location ~ ^/img/vehicle-big-previews/(.*)$ {
        # Проверяем существование файла
        try_files $uri /dismantle_img-handler.php?img=874x489_$1;
    }

    rewrite ^/img-prev/(.*)$ /img-handler.php?img=$1 last;

    location / {
        index  index.html $bootstrap;
        try_files $uri $uri/ /$bootstrap?$args;

        auth_basic "Restricted Content";
        auth_basic_user_file /home/passwd/.htpasswd;
    }

    # отключаем обработку запросов к несуществующим статичным файлам
    location ~ \.(js|css|png|jpg|jpeg|gif|swf|ico|pdf|mov|fla|zip|rar|svg)$ {
        try_files $uri =404;
    }

    # передаем PHP-скрипт серверу FastCGI, прослушивающему адрес 127.0.0.1:9000
    location ~ \.php {
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        # позволяем перехватывать запросы к несуществующим PHP-файлам
        set $fsn /$bootstrap;
        if (-f $document_root$fastcgi_script_name){
            set $fsn $fastcgi_script_name;
        }

        include /etc/nginx/fastcgi.conf;
        #fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_pass php:9000;
        include fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fsn;
        #fastcgi_param  QUERY_STRING     $query_string;

        # PATH_INFO и PATH_TRANSLATED могут быть опущены, но стандарт RFC 3875 определяет для CGI
        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED  $document_root$fsn;
    }

    # не позволять nginx отдавать файлы, начинающиеся с точки (.htaccess, .svn, .git и прочие)
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}