server {
	listen         80;
	server_name    cloud.paris12.pcf.fr;
	return         301 https://$server_name$request_uri;
}

server {
	listen 443 ssl;
	server_name cloud.paris12.pcf.fr;

	root /var/www/owncloud/;

	access_log /var/log/nginx/cloud/access.log;
	error_log /var/log/nginx/cloud/error.log;

	client_max_body_size 10G;
	fastcgi_buffers 64 4K;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	index index.php;
	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;

	ssl_certificate /etc/letsencrypt/live/cloud.paris12.pcf.fr/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/cloud.paris12.pcf.fr/privkey.pem;

	location = /robots.txt {
		deny all;
		log_not_found off;
		access_log off;
	}

	location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
		deny all;
	}

	location / {
                # The following 2 rules are only needed with webfinger
		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

		try_files $uri $uri/ /index.php;
	}

	location ~ \.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param HTTPS on;
		fastcgi_pass php-handler-cloud;
	}

    location ^~ /adminbdd {
        root /var/www/;
		auth_basic "Halte ! Qui va la ?";
		auth_basic_user_file /etc/nginx/htpasswd;
        location ~ \.php {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_pass php-handler-cloud;
        }
    }

	# set long EXPIRES header on static assets
	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
		expires 30d;
		access_log off;
	}

	location ^~ /cartes-elections {
		proxy_pass http://127.0.0.1:8080;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;
	}

	location ^~ /images/ {
		alias /var/www/images/;
	}
}