server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name {{ strichliste_domain }};

	ssl_certificate_key /etc/nginx/ssl/{{ strichliste_domain }}.key;
	ssl_certificate /etc/nginx/ssl/{{ strichliste_domain }}.crt;

    root /var/www/strichliste/public;

    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;

        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

        # Prevents URIs that include the front controller. This will 404:
        # http://domain.tld/index.php/some-path
        # Remove the internal directive to allow URIs like this
        internal;
    }

    # return 404 for all other php files not matching the front controller
    # this prevents access to other php files you don't want to be accessible.
    location ~ \.php$ {
        return 404;
    }


}

server {
    listen [::]:80;
    listen 80;

    server_name {{ strichliste_domain }};

    if ($host = {{ strichliste_domain }}) {
        return 301 https://$host$request_uri;
    }

    return 404;
}