define('WP_ALLOW_MULTISITE', true);

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
define('DOMAIN_CURRENT_SITE', 'www.domain.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

# Upstream to abstract backend connection(s) for php
upstream php {
        server unix:/tmp/php-cgi.sock;
        server 127.0.0.1:9000;
}
map $http_host $blogid {
    default               0;
    include /home/wwwroot/www.domain.com/wp-content/uploads/nginx-helper/map.conf;
}
server {
    server_name www.domain.com;
    root /home/wwwroot/www.domain.com;

    index index.php;

#    include global/restrictions.conf;
    # Global restrictions configuration file.
    # Designed to be included in any server {} block.
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~ /\. {
        deny all;
    }

    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
    # Additional rules go here.
    # Only include one of the files below.
#    include global/wordpress.conf;
    # WordPress multisite subdirectory rules.
    # Designed to be included in any server {} block.

    # This order might seem weird - this is attempted to match last if rules below fail.
    # http://wiki.nginx.org/HttpCoreModule
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Directives to send expires headers and turn off 404 error logging.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 24h;
        log_not_found off;
    }

    location ~ ^/[_0-9a-zA-Z-]+/files/(.*)$ {
            try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ;
            access_log off; log_not_found off; expires max;
    }

    #avoid php readfile()
    location ^~ /blogs.dir {
            internal;
            alias /var/www/example.com/htdocs/wp-content/blogs.dir ;
            access_log off; log_not_found off;      expires max;
    }

    # Uncomment one of the lines below for the appropriate caching plugin (if used).
    #include global/wordpress-ms-subdir-wp-super-cache.conf;
    #include global/wordpress-ms-subdir-w3-total-cache.conf;

    # Rewrite multisite '.../wp-.*' and '.../*.php'.
    if (!-e $request_filename) {
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
        rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ \.php$ {
        # Zero-day exploit defense.
        # http://forum.nginx.org/read.php?2,88845,page=3
        # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #    fastcgi_intercept_errors on;
        fastcgi_pass php;
    }

#    include global/wordpress-ms-subdir.conf;
#    include global/wordpress-ms-subdomain.conf;
}