# Nginx configuration

server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;

# Website and PHPBB forum over HTTP
server {
    listen 80 default_server;
    listen [::]:80 default_server;
		gzip on;
		gzip_static on;
		gzip_vary on;
		gzip_http_version 1.1;
		gzip_min_length 700;
		gzip_comp_level 6;
    server_name ${NGINX_HOST};
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /var/www/html/public;
		index index.php index.html index.htm;

    location ~ /\.ht {
    		deny all;
    }

		location /board {
				index index.php index.html index.htm;
        try_files $uri $uri/ @rewriteapp;
    }

    location @rewriteapp {
    		rewrite ^(.*)$ /app.php/$1 last;
    }

    # Deny access to internal phpbb files.
    location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
    		deny all;
        # deny was ignored before 0.8.40 for connections over IPv6.
        # Use internal directive to prohibit access on older versions.
        internal;
		}

		# Pass the php scripts to fastcgi server specified in upstream declaration.
    location ~ \.php(/|$) {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    # Correctly pass scripts for installer
    location /install/ {
        try_files $uri $uri/ @rewrite_installapp;

				location ~ \.php(/|$) {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }
		}

    location @rewrite_installapp {
        rewrite ^(.*)$ /board/install/app.php/$1 last;
    }

    # Deny access to version control system directories.
    location ~ /\.svn|/\.git {
        deny all;
        internal;
    }
}

# Website and PHPBB forum over HTTP
# server {
#     server_name ${NGINX_HOST};

#     listen 443 ssl;
#     fastcgi_param HTTPS on;

#     ssl_certificate /etc/ssl/server.pem;
#     ssl_certificate_key /etc/ssl/server.key;
#     ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

#     index index.php index.html;
#     error_log  /var/log/nginx/error.log;
#     access_log /var/log/nginx/access.log;
#     root /var/www/html/public;

#     location ~ \.php$ {
#         try_files $uri =404;
#         fastcgi_split_path_info ^(.+\.php)(/.+)$;
#         fastcgi_pass php:9000;
#         fastcgi_index index.php;
#         include fastcgi_params;
#         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#         fastcgi_param PATH_INFO $fastcgi_path_info;
#     }
# }