server {
	listen         80;
	server_name    cloud.paris12.pcf.fr;

    location ~ /\.well-known/acme-challenge {
        allow all;
        default_type "text/plain";
        root /var/www/nextcloud;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
	listen 443 ssl;
	server_name cloud.paris12.pcf.fr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

	root /var/www/nextcloud/;

	access_log off;
	error_log /var/log/nginx/cloud/error.log;

	client_max_body_size 10G;
	fastcgi_buffers 64 4K;

    proxy_connect_timeout       1800;
    proxy_send_timeout          1800;
    proxy_read_timeout          1800;
    send_timeout                1800;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	index index.php;
	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;

	ssl_certificate /etc/letsencrypt/live/cloud.paris12.pcf.fr/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/cloud.paris12.pcf.fr/privkey.pem;

	location = /robots.txt {
		deny all;
		log_not_found off;
		access_log off;
	}

	location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
		deny all;
	}

	location / {
                # The following 2 rules are only needed with webfinger
		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

		try_files $uri $uri/ /index.php;
	}

	location ~ \.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param HTTPS on;
		fastcgi_pass php-handler-cloud;
        fastcgi_read_timeout 1800;
	}

    location ^~ /adminprinter {
	    auth_basic "Halte ! Qui va la ?";
	    auth_basic_user_file /etc/nginx/htpasswd;
		proxy_pass https://192.168.1.54/;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;
    }

    location ^~ /adminbdd {
        root /var/www/;
	auth_basic "Halte ! Qui va la ?";
	auth_basic_user_file /etc/nginx/htpasswd;
        location ~ \.php {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_pass php-handler-cloud;
        }
    }

	# set long EXPIRES header on static assets
	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
		expires 30d;
		access_log off;
	}

	location ^~ /cartes-elections {
		proxy_pass http://127.0.0.1:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;
	}

	location ^~ /images/ {
		alias /var/www/images/;
	}

    location ^~ /petitions/logements-etudiants-jc {
        rewrite ^/petitions/logements-etudiants-jc /index.php/apps/forms/Pgoe5oGTpwAEFP6F permanent;
    }
}