# Redirect all HTTP to HTTPS.
server {
	listen 80;
	listen [::]:80 default_server ipv6only=on;

	server_name $PUBLIC_HOSTNAME;
	root /tmp/invalid-path-nothing-here;
	rewrite ^/(.*)$ https://$PUBLIC_HOSTNAME/$1 permanent;
}

# The secure HTTPS server.

server {
	listen 443 ssl;

	server_name $PUBLIC_HOSTNAME;

	ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
	ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
	include /etc/nginx/nginx-ssl.conf;

	# Expose this directory as static files.
	root $STORAGE_ROOT/www/static;
	index index.html index.htm;

	# Roundcube Webmail configuration.
	rewrite ^/mail$ /mail/ redirect;
	rewrite ^/mail/$ /mail/index.php;
	location /mail/ {
		index index.php;
		alias /var/lib/roundcube/;
	}
	location ~ /mail/.*\.php {
		include fastcgi_params;
		fastcgi_split_path_info ^/mail(/.*)()$;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
		client_max_body_size 20M;
	}

}