nginx.app.conf

index index.php index.html index.htm;

# Serve files from the well known folder
location ~ /.well-known {
    allow all;
}

# Don't serve hidden files.
location ~ /\. {
  deny all;
}

# 301 Redirect URLs with trailing /'s as per https://webmasters.googleblog.com/2010/04/to-slash-or-not-to-slash.html
if (!-d $request_filename) {
  rewrite ^/(.*)/$ /$1 permanent;
}

# Change // -> / for all URLs, so it works for our php location block, too
merge_slashes off;
rewrite (.*)//+(.*) $1/$2 permanent;

# For WordPress bots/users
location ~ ^/(wp-login|wp-admin|wp-config|wp-content|wp-includes|(.*)\.exe) {
    return 301 https://wordpress.com/wp-login.php;
}

# Access Log
access_log off;

location = /favicon.ico {
  log_not_found off;
}

location / {
  try_files     $uri $uri/ /index.php?$args;
}

# Craft-specific location handlers to ensure AdminCP requests route through index.php
# If you change your `cpTrigger`, change it here as well
location ^~ /admin {
    try_files $uri $uri/ /index.php?$query_string;
}
location ^~ /cpresources {
    try_files $uri $uri/ /index.php?$query_string;
}

location ~ \.php$ {
  include       fastcgi_params;
  fastcgi_index index.php;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

  # You must replace "SYSUSER" with the app's system user's name
  # and "APPNAME" with your app's name.
  ############################################################
  fastcgi_pass  unix:/srv/users/SYSUSER/run/APPNAME.php-fpm.sock;

  # Prevent arbitrary code execution by third parties with
  # try_files directive.
  # http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
  try_files     $uri =404;
}