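# nginx vhost template for a WordPress site whose core files live under /wp-cms.
# {host} and {sock} are placeholders; presumably a provisioning tool substitutes
# them before the file is loaded (confirm against the generator).

upstream phpfpm-sock {
    server {sock};
}

# On-disk FastCGI response cache, one key zone per host.
# NOTE(review): the cache lives under /etc/nginx; the directory must be writable
# by the nginx worker user and should not be readable by other local users,
# since it holds rendered page bodies.
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone={host}:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
    # NOTE(review): plain HTTP only. Unless TLS is terminated in front of this
    # server, WordPress login credentials and session cookies cross the network
    # unencrypted.
    listen 80;
    server_name {host};
    root /home/{host}/public;
    index index.php;

    access_log /var/log/nginx/{host}-access.log;
    error_log /var/log/nginx/{host}-error.log;

    # $root is the path prefix inserted between $document_root and the script
    # name; $skip_cache disables the FastCGI cache for the current request.
    set $root "";
    set $skip_cache 0;

    # Admin and top-level wp-*.php requests are served from the /wp-cms copy.
    # Both alternatives are grouped under one "^" anchor: ungrouped, the second
    # alternative could match anywhere in the URI, including the query string.
    if ($request_uri ~* "^/(?:wp-admin/.+|wp-[^/]+\.php)") {
        set $root "/wp-cms";
        set $skip_cache 1;
    }

    # The cache key has no cookie component, so requests carrying WordPress
    # session, password-protected-post or commenter cookies must not read from
    # or populate the shared cache.
    if ($http_cookie ~* "wordpress_logged_in_|wp-postpass_|comment_author_") {
        set $skip_cache 1;
    }

    # Global restrictions configuration file.
    # Designed to be included in any server {} block.
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # /.well-known is exempted by the negative lookahead.
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~ /\.(?!well-known).+ {
        deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # The pattern also covers the PATH_INFO form (/x.php/extra) so this rule
    # denies the same URIs that the PHP handler below would otherwise accept.
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php(?:/|$) {
        deny all;
    }

    # WordPress single site rules.
    # Designed to be included in any server {} block.
    # This order might seem weird - this is attempted to match last if rules below fail.
    # http://wiki.nginx.org/HttpCoreModule
    location / {
        try_files $uri $uri/ /wp-cms/$uri /wp-cms/$uri/ /wp-cms/index.php?$args;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        log_not_found off;
        expires max;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(/.+?\.php)(/.*)$;

        # Only hand the request to PHP when the resolved script exists on disk.
        # This is a robust solution for path info security issue and works with
        # "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
        if (!-f $document_root$root$fastcgi_script_name) {
            return 404;
        }

        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$root$fastcgi_script_name;
        fastcgi_pass phpfpm-sock;

        fastcgi_cache {host};
        fastcgi_cache_valid 200 60m;
        # Without these, a page rendered for a logged-in user could be stored
        # under the cookie-less cache key and served to other visitors.
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
    }
}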