HEX
Server: nginx/1.24.0
System: Linux webserver-one 6.8.0-101-generic #101-Ubuntu SMP PREEMPT_DYNAMIC Mon Feb 9 10:15:05 UTC 2026 x86_64
User: www-data (33)
PHP: 8.4.18
Disabled: NONE
$ pwd: /etc/nginx/sites-enabled/
Upload Files
File: //etc/nginx/sites-enabled/csmcri-res-in-d10
server {
	listen 80;
	server_name icloud.csmcri.org;

	# Prevent nginx HTTP Server Detection
	#server_tokens off;

	# Enforce HTTPS
	#return 301 https://$server_name$request_uri;

	# Path to the root of your installation
	root /srv/www/csmcri-res-in-d10/web;
    index index.php index.html;

    access_log /var/log/nginx/csmcri-res-in-d10_access.log;
    error_log  /var/log/nginx/csmcri-res-in-d10_error.log;

    # Redirect bare "/" to /home
    #location = / {
    #    return 301 /home;
    #}

    # ----------------------------
    # Security: deny hidden files
    # ----------------------------
    location ~ (^|/)\. {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        deny all;
    }

    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    location ~* \.(engine|inc|install|make|module|profile|po|sh|sql|theme|twig|tpl|yml)$ {
        deny all;
    }

    # ----------------------------
    # Allow .well-known
    # ----------------------------
    location ~* ^/.well-known/ {
        allow all;
    }

    # ----------------------------
    # DRUPAL IMAGE STYLES (CRITICAL)
    # ----------------------------
    location ~ ^/sites/.*/files/styles/ {
        try_files $uri /index.php?$query_string;
    }

    location ~ ^/system/files/ {
        try_files $uri /index.php?$query_string;
    }

    # ----------------------------
    # MAIN DRUPAL FRONT CONTROLLER
    # ----------------------------
    location / {
        try_files $uri /index.php?$query_string;
    }

    # ----------------------------
    # PHP-FPM
    # ----------------------------
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_pass unix:/run/php/php8.4-fpm.sock;
        fastcgi_intercept_errors on;
    }

    # ----------------------------
    # STATIC FILES (SAFE)
    # ----------------------------
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        try_files $uri =404;
        expires 6M;
        access_log off;
        log_not_found off;
        add_header Cache-Control "public";
    }

    # ----------------------------
    # CLEAN URL FIX
    # ----------------------------
    if ($request_uri ~* "^(.*/)index\.php/(.*)") {
        return 307 $1$2;
    }

    # ----------------------------
    # Favicon & robots
    # ----------------------------
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
}
@ Telegram