## Managed by Ansible ##

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name {{ webserver_domain }} www.{{ webserver_domain }};
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    http2 on;
    # Enable QUIC and HTTP/3.
    listen 443 quic reuseport default_server;
    listen [::]:443 quic reuseport default_server;
    http3 on;
    http3_hq on;
    quic_retry on;
    quic_gso on;

    server_name {{ webserver_domain }} www.{{ webserver_domain }};
    include global/cert.conf;
    include global/header.conf;

    # Path to the root of your installation
    root {{ wordpress_dir }}/src/web;

    add_header Strict-Transport-Security "max-age=63072000" always;

    index  index.php index.html index.htm;

    client_max_body_size 500M;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ \.php$ {
         fastcgi_pass php-handler;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}