diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 86f3b8ee7e72204c9efe9043b4a26e741f34e513..7cc71b4bbd1810a6eb5d32e839b524754cb1bdd3 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -959,13 +959,22 @@ Parameters
   for calculating the user/group name for dedicated website user, as well as
   home directory of the website user (where data/code should be stored at).
 
-**php_rewrite_url** (string, optional)
-  If implementing some form of clean URL schema, this parameter can be used for
-  defining how the clean URLs should be mapped onto actual PHP scripts. When
-  specifying this parameter, one special variable is available - ``$suburi``
-  (which is the URI requested by HTTP client, usually in clean URL form). This
-  is in addition to any other variables provided out of the box by ``nginx``
-  (like ``$args`` and such).
+**index** (string, optional)
+  Space-separated list of files which should be treated as index files by the
+  web server. The web server will attempt opening these index files, in
+  succession, until the first match, or until it runs out of matches, when a
+  client requests an URI pointing to directory. Default is ``index.php``.
+
+**php_file_regex** (string, optional)
+  Regular expression used for determining which file should be interepted via
+  PHP. Default is ``\.php$``.
+
+**php_rewrite_urls** (list, optional)
+  A list of rewrite rules that are applied to incoming requests. These rewrite
+  rules are specifically targetted at prettying-up the URLs used by the PHP
+  scripts. Each element of the list should be a string value compatible with the
+  format of ``nginx`` option ``rewrite``. The keyword ``rewrite`` itself should
+  be omitted, as well as trailing semi-colon (``;``).
 
 **rewrites** (list, optional)
   A list of rewrite rules that are applied to incoming requests. Each element of
@@ -996,7 +1005,7 @@ Here is an example configuration for setting-up a (base) PHP website (for runnin
       fqdn: cloud.example.com
       uid: 2001
       admin: admin
-      php_rewrite_url: /index.php
+      php_file_regex: \.php($|/)
       rewrites:
         - ^/\.well-known/host-meta /public.php?service=host-meta
         - ^/\.well-known/host-meta\.json /public.php?service=host-meta-json
diff --git a/roles/php_website/defaults/main.yml b/roles/php_website/defaults/main.yml
index 10a4e5926fda3faf945f1de8ac1c7e091a104c40..b1877a04bbba9bb79f13584ebaa5e1881f601bf8 100644
--- a/roles/php_website/defaults/main.yml
+++ b/roles/php_website/defaults/main.yml
@@ -1,6 +1,8 @@
 ---
 
 deny_files_regex: []
+index: index.php
 packages: []
-php_rewrite_url: ""
+php_file_regex: \.php$
+php_rewrite_urls: []
 rewrites: []
diff --git a/roles/php_website/templates/nginx_site.j2 b/roles/php_website/templates/nginx_site.j2
index 543f5ce09396f483d3989083368e1cb4c57df88c..f43a06a54841456e4b397966b61170278f6f3fca 100644
--- a/roles/php_website/templates/nginx_site.j2
+++ b/roles/php_website/templates/nginx_site.j2
@@ -1,42 +1,41 @@
 server {
+    # Base settings.
     listen 80;
-
     root {{ home }}/htdocs/;
-
-    index index.php;
-
+    index {{ index }};
     server_name {{ fqdn }};
 
-    # Site rewrites.
+    # Generic URL rewrites.
     {% for rewrite in rewrites -%}
     rewrite {{ rewrite }};
     {% endfor %}
 
-    # Interpret PHP files via FastCGI.
-    location ~ \.php($|/) {
-        include snippets/fastcgi-php.conf;
-        fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
-    }
-
-    # Deny access to all hidden files (this will prevent access to
-    # .htaccess too).
-    location ~ /\. {
-        deny all;
-    }
-
-    {% for regex in deny_files_regex -%}
+    {% if deny_files_regex -%}
     # Deny access to user-specified files.
+    {% for regex in deny_files_regex -%}
     location ~ {{ regex }} {
         deny all;
     }
     {% endfor %}
+    {% endif %}
+
+    # Interpret PHP files via FastCGI.
+    location ~ {{ php_file_regex }} {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php5-fpm/{{ fqdn }}.sock;
+    }
 
-    {% if php_rewrite_url -%}
-    # Serve the remaining files directly or rewrite request for PHP processing
-    # (clean URLs).
+    # Serve the files.
     location ~ /(.*) {
-        set $suburi $1;
-	try_files $uri $uri/ {{ php_rewrite_url }};
+	try_files $uri $uri/{% if php_rewrite_urls %}@php_rewrite{% endif %};
+    }
+
+    {% if php_rewrite_urls -%}
+    # Apply URL rewrites.
+    location @php_rewrite {
+        {% for rewrite in php_rewrite_urls -%}
+        rewrite {{ rewrite }};
+        {% endfor %}
     }
     {% endif %}