# Redirect all HTTP to HTTPS.
server {
	listen 80;
	listen [::]:80;

	server_name $HOSTNAME;
	root /tmp/invalid-path-nothing-here;
	rewrite ^/(.*)$ https://$HOSTNAME/$1 permanent;
}

# The secure HTTPS server.

server {
	listen 443 ssl;

	server_name $HOSTNAME;

	ssl_certificate $SSL_CERTIFICATE;
	ssl_certificate_key $SSL_KEY;
	include /etc/nginx/nginx-ssl.conf;

	# Expose this directory as static files.
	root $ROOT;
	index index.html index.htm;

	# Roundcube Webmail configuration.
	rewrite ^/mail$ /mail/ redirect;
	rewrite ^/mail/$ /mail/index.php;
	location /mail/ {
		index index.php;
		alias /var/lib/roundcube/;
	}
	location ~ /mail/.*\.php {
		include fastcgi_params;
		fastcgi_split_path_info ^/mail(/.*)()$;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
		client_max_body_size 20M;
	}

	# Webfinger configuration.
	location = /.well-known/webfinger {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/bin/mailinabox-webfinger.php;
		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
	}
}