# -*- mode: python; encoding: utf-8 -*-

info["owner"] = "root"
info["group"] = "root"
info["mode"] = 0644

comment_start = "#"

out("""server {
  listen 80;
  listen [::]:80 ipv6only=on;
  server_name phabricator phabricator.crans.org;

  return 301 https://phabricator.crans.org$request_uri;
  # On spécifie au client qu'il ne doit pas faire de HTTP ici
  add_header Strict-Transport-Security "max-age=31536000";
}

server {
  listen 443;
  listen [::]:443 ipv6only=on;
  server_name phabricator phabricator.crans.org;
  root        /var/phabricator/phabricator/webroot;

  ssl on;
  ssl_certificate /etc/ssl/certs/phabricator.pem;
  ssl_certificate_key /etc/ssl/private/phabricator.key;

  location / {
    index index.php;
    rewrite ^/(.*)$ /index.php?__path__=/$1 last;
  }

  location = /favicon.ico {
    try_files $uri =204;
  }

  location /index.php {
    fastcgi_pass   unix:/var/run/php5-fpm.sock;
    fastcgi_index   index.php;

    #required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param  REDIRECT_STATUS    200;

    #variables to make the $_SERVER populate in PHP
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;

    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
  }
}""")