# ----------------------------------------------------------------------
# | Config file for <?=$this->e($domain)?> host                                    |
# ----------------------------------------------------------------------

server {
  listen [::]:80;
  listen 80;
  server_name <?php if (!$subDomain) : ?>www.<?=$this->e($domain)?> <?php endif ?><?=$this->e($domain)?>;
  
  location ^~ /.well-known/acme-challenge/ {
      root /home/<?=$this->e($user)?>/<?=$this->e($domain)?>;
      try_files $uri =404;
  } 

  location / {
      return 301 https://<?=$this->e($domain)?>$request_uri;
  }
}

<?php if (!$subDomain) : ?>
server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;

  server_name www.<?=$this->e($domain)?>;

  include h5bp/tls/ssl_engine.conf;
  ssl_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<?=$this->e($domain)?>/key.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/ca.pem;
  include h5bp/tls/policy_strict.conf;

  return 301 $scheme://<?=$this->e($domain)?>$request_uri;
}
<?php endif ?>

server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;

  # The host name to respond to
  server_name <?=$this->e($domain)?>;

  include h5bp/tls/ssl_engine.conf;
  <?php if ($subDomain) : ?>
  include h5bp/tls/certificate_files.conf;
  <?php else : ?>
  ssl_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<?=$this->e($domain)?>/key.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/<?=$this->e($domain)?>/ca.pem;
  <?php endif ?>
  include h5bp/tls/policy_strict.conf;

  # Path for static files
  root /home/<?=$this->e($user)?>/<?=$this->e($domain)?>;

  # Custom error pages
  include h5bp/errors/custom_errors.conf;

  # Include the basic h5bp config set
  include h5bp/basic.conf;
  
  access_log /var/log/nginx/<?=$this->e($domain)?>-access.log;
  error_log  /var/log/nginx/<?=$this->e($domain)?>-error.log error;
  index index.php index.html index.htm;

  location / {
    <?php if (!empty($herseUser) && !empty($hersePass)) : ?>
    auth_basic "Accès restreint";
    auth_basic_user_file /home/<?=$this->e($user)?>/<?=$this->e($domain)?>/.htpasswd;
    <?php endif ?>
    try_files $uri $uri/ /index.php$is_args$args;
  }
  
  # private folder for YesWiki
  location ~* /(.*/)?private/ {
    deny all;
    return 403;
  }

  location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm-<?=$this->e($user)?>.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }
}