Nginx:Vhost MediaWiki

server {
         listen 80;
         listen [::]:80;
         server_name your-domain.com; 
 
         root /var/www/mediawiki;
         index index.php;
    
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access; 
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

server {
         listen 80;
         listen [::]:80;
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
         
         server_name your-domain.com;
         root /var/www/your-domain.com;
         index index.php;
    #Jika menggunakan [[ModSecurity]]
 	modsecurity on;
 	modsecurity_rules_file /etc/nginx/modsec/main.conf;
 
 	# Add headers to serve security related headers
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "1; mode=block";
 	add_header X-Robots-Tag none;
 	add_header X-Download-Options noopen;
 	add_header X-Permitted-Cross-Domain-Policies none;
 	add_header Referrer-Policy no-referrer;
         
         ssl_certificate /etc/ssl/certs/cloudflare_your-domain.com.pem;
         ssl_certificate_key /etc/ssl/private/cloudflare_key_your-domain.com.pem;
         ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
         ssl_verify_client on;
         
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
         
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
          
         location /rest.php {
           try_files $uri $uri/ /rest.php?$args;
         }
 
 	location = /robots.txt {
 	  allow all;
 	log_not_found off;
 	access_log off;
 	}
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

server {
         server_name your-domain.com;
 
         root /var/www/your-domain.com;
         index index.php;
   
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
 	location /rest.php {
 	  try_files $uri $uri/ /rest.php?$args;
 	}
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
 
     listen [::]:443 ssl ipv6only=on; # managed by Certbot
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
 
     add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
 
 
     ssl_trusted_certificate /etc/letsencrypt/live/your-domain.com/chain.pem; # managed by Certbot
     ssl_stapling on; # managed by Certbot
     ssl_stapling_verify on; # managed by Certbot
 
 } 
 server {
     if ($host = your-domain.com) {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 
 
         listen 80;
         listen [::]:80;
         server_name kangtain.com;
 
         root /var/www/your-domain.com;
         index index.php;
   
         error_log /var/log/nginx/your-domain.com.error;
         access_log /var/log/nginx/your-domain.com.access;
 
         location / {
                 try_files $uri $uri/ /index.php;
         }
 
         location ~ /.well-known {
             allow all;
         }
 
         location ~ /\.ht {
           deny all;
          }
 
         location ~ \.php$ {
             fastcgi_pass unix:/run/php/php7.4-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include fastcgi_params;
             include snippets/fastcgi-php.conf;
         }
}

    location ~ \.php$ {
        include fastcgi_params;
        # fastcgi_index index.php;
        fastcgi_pass php_workers;
        # fastcgi_param HTTP_PROXY '';
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    #Ini untuk mengatasinya
    location /rest.php {
        fastcgi_pass php_workers;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }