root $ROOT;

	# ADDITIONAL DIRECTIVES HERE

	location = /robots.txt {
		log_not_found off;
		access_log off;
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	location = /mailinabox.mobileconfig {
		alias /var/lib/mailinabox/mobileconfig.xml;
	}
	location = /.well-known/autoconfig/mail/config-v1.1.xml {
		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
	}
	location = /mail/config-v1.1.xml {
		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
	}
	location = /.well-known/mta-sts.txt {
		alias /var/lib/mailinabox/mta-sts.txt;
	}

	# Z-Push (Microsoft Exchange ActiveSync)
	location /Microsoft-Server-ActiveSync {
		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
		fastcgi_read_timeout 630;
		fastcgi_pass php-fpm;

		# Outgoing mail also goes through this endpoint, so increase the maximum
		# file upload limit to match the corresponding Postfix limit.
		client_max_body_size 128M;
	}
	location ~* ^/autodiscover/autodiscover.xml$ {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
		fastcgi_pass php-fpm;
	}

	# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
	# This block is placed at the end. Nginx's precedence rules means this block
	# takes precedence over all non-regex matches and only regex matches that
	# come after it (i.e. none of those, since this is the last one.) That means
	# we're blocking dotfiles in the static hosted sites but not the FastCGI-
	# handled locations for Nextcloud (which serves user-uploaded files that might
	# have this pattern, see #414) or some of the other services.
	location ~ /\.(ht|svn|git|hg|bzr) {
		log_not_found off;
		access_log off;
		deny all;
	}