Nginx for Chamilo e-learning

$ sudo vi /etc/nginx/conf.d/chamilo.<yourDomain>

upstream chamilo.<yourDomain> {
  server 127.0.0.1:9101; 
}

server {
  if ($host = chamilo.<yourDomain>) { return 301 https://$host$request_uri; }

  listen 80;
  server_name chamilo.<yourDomain>;
  return 404; 
}

server {
  charset utf-8;

  listen 443 ssl http2;
  server_name chamilo.<yourDomain>;

  client_max_body_size 128M;

  access_log /var/log/nginx/chamilo.<yourDomain>-access.log;
  error_log /var/log/nginx/chamilo.<yourDomain>-error.log;
  location = /favicon.ico { log_not_found off; access_log off; }
  location = /robots.txt { log_not_found off; access_log off; }

  root /home/<yourDomain>/chamilo.<yourDomain>;
  index index.php;

  location @rewrite{
    rewrite ^certificates/$ certificates/index.php last;
    rewrite ^/courses/([^/]+)/$ /main/course_home/course_home.php?cDir=$1 last;
    rewrite ^/courses/([^/]+)/index.php$ /main/course_home/course_home.php?cDir=$1 last;
    rewrite ^/courses/([^/]+)/scorm/(.*([\.js|\.css|\.png|\.jpg|\.jpeg|\.gif]))$ app/courses/$1/scorm/$2 last;
    rewrite ^/courses/([^/]+)/scorm/(.*)$ /main/document/download_scorm.php?doc_url=/$2&cDir=$1 last;
    # Alternatively, you can choose to give direct access to all SCORM files, which is much faster but less secure
    # rewrite "^/courses/([^/]+)/scorm/(.*)$" /app/courses/$1/scorm/$2 break;

    rewrite "^/courses/([^/]+)/document/certificates/(.*)$" /app/courses/$1/document/certificates/$2 last;
    rewrite ^/courses/([^/]+)/document/(.*)$ /main/document/download.php?doc_url=/$2&cDir=$1 last;
    rewrite ^/courses/([^/]+)/upload/([^/]+)/(.*)$ /main/document/download_uploaded_files.php?code=$1&type=$2&file=$3 last;
    rewrite ^/courses/([^/]+)/work/(.*)$ /main/work/download.php?file=work/$2&cDir=$1 last;
    rewrite ^/courses/([^/]+)/upload/course_home_icons/(.*([\.png|\.jpg|\.jpeg|\.gif]))$ app/courses/$1/upload/course_home_icons/$2 last;
    rewrite ^/courses/([^/]+)/(.*)$ /app/courses/$1/$2 last;
    rewrite ^/session/([^/]+)/about/?$ /main/session/about.php?session_id=$1 last;
    rewrite ^/course/([^/]+)/about/?$ /main/course_info/about.php?course_id=$1 last;
    rewrite ^/badge/(\d+) /main/badge/issued.php?issue=$1 last;
    rewrite ^/skill/(\d+)/user/(\d+)$ /main/badge/issued_all.php?skill=$1&user=$2 last;
    rewrite ^/badge/(\d+)/user/(\d+)$ /main/badge/issued_all.php?skill=$1&user=$2 last;
    rewrite ^/main/exercice/(.*)$ /main/exercise/$1 last;
    rewrite ^/main/newscorm/(.*)$ /main/lp/$1 last;
    rewrite ^/service/(\d+)$ /plugin/buycourses/src/service_information.php?service_id=$1 last;
    rewrite "^/main/upload/users/(.*)/(.*)/my_files/(.*)$" /app/upload/users/$1/$2/my_files/$3 last;

    try_files $uri /index.php$is_args$args;
    break;
  }

  location / {
    try_files $uri @rewrite;
  }

  location /main {
    rewrite ^/main/admin/?$ /main/admin/index.php last;
  }

  location ~ \.php$ {
    client_max_body_size 128M;
    try_files $uri @rewrite;

    fastcgi_pass chamilo.<yourDomain>;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS off;
  }

  # Serve static files directly
  location ~* \.(png|jpe?g|gif|ico|js|css|mp3|swf|flv|mp4|ogg|woff|woff2)$ {
    rewrite ^/courses/([^/]+)/course-pic85x85.png$ /app/courses/$1/course-pic85x85.png last;
    rewrite ^/courses/([^/]+)/course-pic.png$ /app/courses/$1/course-pic.png last;
    rewrite ^/courses/([^/]+)/scorm/(.*)$ /main/document/download_scorm.php?doc_url=/$2&cDir=$1 last; 
    rewrite ^/courses/([^/]+)/document/(.*)$ /main/document/download.php?doc_url=/$2&cDir=$1 last;
    rewrite ^/courses/([^/]+)/work/(.*)$ /main/work/download.php?file=work/$2&cDir=$1 last;
    rewrite ^/courses/([^/]+)/upload/(.*)$ /app/courses/$1/upload/$2 last;
    # For all these media resources not treated by previous rewrites, give direct access (no permission check)
    rewrite ^/courses/(.*)$ /app/courses/$1 break;
    expires 30d;
    access_log off;
    try_files $uri @rewrite;
  }

  location ~ ~\.(ht|git){
    deny all;
  }

  location ^~ /tests/ {
    deny all;
  }

  #listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/chamilo.<yourDomain>/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/chamilo.<yourDomain>/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

$ sudo nginx -t
$ sudo systemctl restart nginx