worker_processes 1; pid /var/run/nginx.pid; user nginx nginx; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { server_name hassio.local; listen 9541 default_server ssl; listen [::]:9541 default_server ssl; root /var/www/tasmoadmin; index index.php; ssl_certificate /ssl/%%certfile%%; ssl_certificate_key /ssl/%%keyfile%%; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; ssl_ecdh_curve secp384r1; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; location /data/ { deny all; } location ~ .php$ { fastcgi_pass 127.0.0.1:9001; fastcgi_read_timeout 900; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ ^(.*)\.(css|js|gif||jpe?g|png|json|cache\.json)$ { } location / { rewrite ^/login$ /login.php last; rewrite ^/logout$ /login.php?logout=logout last; rewrite ^/doAjaxAll$ /index.php?doAjaxAll=doAjaxAll last; rewrite ^/doAjax$ /index.php?doAjax=doAjax last; rewrite "/([a-z]{2})/" /index.php?lang=$1 last; rewrite ^/([a-zA-Z_]+)/([a-zA-Z_]+)/([0-9_]+)/?$ /index.php?page=$1&action=$2&device_id=$3; rewrite ^/([a-zA-Z_]+)/(force)/?$ /index.php?page=$1&force=1; rewrite ^/([a-zA-Z_]+)/([a-zA-Z_]+)/?$ /index.php?page=$1&action=$2; rewrite ^/([a-zA-Z_]+)/([0-9]+)/?$ /index.php?page=$1&device_id=$2; rewrite ^/([a-zA-Z_]+)/?$ /index.php?page=$1; } } }