Below is my conf for my SUBDOMAIN, just replace your SUBDOMAIN to you own sub domain. I haven't figure out the part to "deny from all" and access with https. It will helpful if others can chip in too. Thank
=====================================================================
server {
listen 80;
server_name SUBDOMAIN;
root /srv/www/SUBDOMAIN/public_html;
access_log /srv/www/SUBDOMAIN/logs/access.log;
error_log /srv/www/SUBDOMAIN/logs/error.log;
index index.php;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 30d;
}
location ~ .php(/|$) {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass localhost:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
}
}