server {

  listen 80;
  listen [::]:80;
  server_name domain.example.com;
  return 301 https://domain.example.com$request_uri;
}

server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name domain.example.com;
  set $base /var/www/leantime;
  root $base/public;

  ssl_certificate /etc/ssl/domain.example.com/ssl-bundle.crt;
  ssl_certificate_key /etc/ssl/domain.example.com/domain.example.com.key;

  # logging
  access_log /var/log/nginx/leantime.access.log;
  error_log /var/log/nginx/leantime.error.log warn;

  # index.php
  index index.php;

  location ~.php$ {

    # 404
    try_files $fastcgi_script_name =404;

    # default fastcgi_params
    include fastcgi_params;

    # fastcgi settings
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    # fastcgi params
    fastcgi_param DOCUMENT_ROOT $realpath_root;
    fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
    fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";

  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }


  # additional config
  # favicon.ico
  location = /favicon.ico {

    log_not_found off;
    access_log off;
  }

  # robots.txt
  location = /robots.txt {

    log_not_found off;
    access_log off;
  }

  # assets, media
  location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {

    expires 7d;
    access_log off;
  }

  # svg, fonts
  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {

    add_header Access-Control-Allow-Origin "*";
    expires 7d;
    access_log off;
  }

  # gzip
  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

}