[fix] Imrpove nginx conf without .well-known blocking (fix #2)

conf/nginx.conf

@@ -1,10 +1,32 @@
 location {LOCATION} {
     alias {DESTDIR}/www/;
+
+    # Force HTTPS
     if ($scheme = http) {
         rewrite ^ https://$server_name$request_uri? permanent;
     }
+
+    # Default indexes and catch-all
     index index.html index.php;
-    try_files $uri $uri/ index.php;
+    try_files $uri $uri/ {PATH}/index.php?$args;
+
+    # Prevent useless logs
+    location = {PATH}/favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+    location = {PATH}/robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny access to hidden files and directories
+    location ~ ^{PATH}/(.+/|)\.(?!well-known\/) {
+        deny all;
+    }
+
+    # Execute and serve PHP files
     location ~ [^/]\.php(/|$) {
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock;
@@ -15,17 +37,6 @@ location {LOCATION} {
         fastcgi_param SCRIPT_FILENAME $request_filename;
     }
 
-    location = {PATH}/robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
     # Include SSOWAT user panel.
     include conf.d/yunohost_panel.conf.inc;
 }
-
-# Deny access to hidden files and directories
-location ~ ^{PATH}/\. {
-    deny all;
-}