## NOTE: This file is automatically generated by Mail-in-a-Box.
##       Do not edit this file. It will be replaced each time
##       Mail-in-a-Box needs up update the web configuration.

upstream php-fpm {
    server unix:/var/run/php5-fpm.sock;
}

# Redirect all HTTP to HTTPS.
server {
	listen 80;
	listen [::]:80;

	server_name $HOSTNAME;
	root /tmp/invalid-path-nothing-here;
	rewrite ^/(.*)$ https://$HOSTNAME/$1 permanent;
}

# The secure HTTPS server.
server {
	listen 443 ssl;

	server_name $HOSTNAME;

	ssl_certificate $SSL_CERTIFICATE;
	ssl_certificate_key $SSL_KEY;
	include /etc/nginx/nginx-ssl.conf;

	# TODO: This is bad, we shouldnt hack it like this.
	root /usr/local/lib/owncloud;
	index index.html index.htm;

	# ownCloud configuration
	client_max_body_size 16G; # set max upload size
	fastcgi_buffers 64 4K;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	index index.php;
	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
		deny all;
	}

	location / {
		# The following 2 rules are only needed with webfinger
		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

		try_files $uri $uri/ index.php;
	}

	location ~ ^(.+?\.php)(/.*)?$ {
		try_files $1 = 404;

		# PHP specific configuration to deal with large file uploads
		fastcgi_param PHP_VALUE "upload_max_filesize = 16G";
		fastcgi_param PHP_VALUE "post_max_size = 16G";
		fastcgi_param PHP_VALUE "output_buffering = 16384";
		fastcgi_param PHP_VALUE "memory_limit = 512M";

		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$1;
		fastcgi_param PATH_INFO $2;
		fastcgi_param HTTPS on;
		fastcgi_pass php-fpm;
	}

	# Optional: set long EXPIRES header on static assets
		location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
		expires 30d;
		# Optional: Don't log access to assets
		access_log off;
	}

	# Webfinger configuration.
	# TODO: fix this for owncloud
	location = /.well-known/webfinger {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php;
		fastcgi_pass php-fpm;
	}

	# Microsoft Exchange autodiscover.xml for email
	location /autodiscover/autodiscover.xml {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php;
		fastcgi_pass php-fpm;
	}

	# Z-Push (Microsoft Exchange ActiveSync)
	location /Microsoft-Server-ActiveSync {
		include /etc/nginx/fastcgi_params;
		fastcgi_param PHP_VALUE "include_path=/usr/share/awl/inc";
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
		fastcgi_pass php-fpm;
	}

	# ADDITIONAL DIRECTIVES HERE
}