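# osTicket front end: static files and PHP (php-fpm) served from /var/www/osticket.
#
# Changes from the original listing:
#   * The application server no longer has "listen 80". It was the first (and so
#     the default) server on port 80, which meant any request whose Host was not
#     support.FQDN (for example a request by IP address) got the ticket system,
#     including the /scp/ staff login, over plain HTTP. Port 80 is now served only
#     by the redirect server at the bottom.
#   * ssl_ciphers lists real OpenSSL cipher names (see the note next to it).
#   * The duplicate "index index.php;" and the unreachable directives in the
#     redirect server were dropped.
server {
    listen 443 ssl http2;

    root /var/www/osticket;
    index index.php index.html index.htm;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    # NOTE(review): current browsers ignore X-XSS-Protection; it is kept as the
    # author had it. Without "always" it is only added to 2xx/3xx responses.
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate     /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The original list began with TLS-CHACHA20-POLY1305-SHA256, TLS-AES-256-GCM-SHA384
    # and TLS-AES-128-GCM-SHA256. Those are not OpenSSL cipher-string names, so OpenSSL
    # skipped them and the effective TLS 1.2 list was "HIGH:!aNULL:!MD5", which still
    # allows CBC-mode and static-RSA key-exchange suites. The list below keeps only
    # forward-secret AEAD suites. ssl_ciphers does not select TLS 1.3 suites; those
    # keep the library defaults.
    # NOTE(review): a TLS 1.2 client without ECDHE+AEAD support will no longer connect.
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # Request size limits.
    # NOTE(review): these are far above nginx's defaults and apply before any
    # authentication. A 10M header buffer is requested for each request being read,
    # and bodies up to 100M are buffered in memory instead of a temp file, so a
    # modest number of concurrent connections can tie up a lot of RAM. Confirm the
    # attachment sizes osTicket actually needs and size these to match.
    client_max_body_size        2000M;
    client_body_buffer_size     100M;
    client_header_buffer_size   10M;
    large_client_header_buffers 2 10M;

    # Timeouts (seconds).
    client_body_timeout   12;
    client_header_timeout 12;
    keepalive_timeout     15;
    send_timeout          10;

    gzip on;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain application/x-javascript text/xml text/css application/xml;

    # PATH_INFO handed to PHP. It stays empty unless one of the server-level "if"
    # blocks below matches. $request_uri is the raw, undecoded request line, and
    # [^\?]+ stops the capture at the query string.
    set $path_info "";

    # Deny access to all files in the include directory.
    # "return 403" runs in the rewrite phase, before "deny all" would be evaluated.
    location ~ ^/include {
        deny all;
        return 403;
    }

    # Deny access to apache .ht* files (nginx doesn't use these).
    location ~ /\.ht {
        deny all;
    }

    # Requests to /api/* need their PATH_INFO set, this does that.
    if ($request_uri ~ "^/api(/[^\?]+)") {
        set $path_info $1;
    }

    # /api/*.* should be handled by /api/http.php if the requested file does not exist.
    location ~ ^/api/(tickets|tasks|auth)(.*)$ {
        try_files $uri $uri/ /api/http.php?$query_string;
    }

    # /scp/ajax.php needs PATH_INFO too, possibly more files need it hence the .*\.php
    if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
        set $path_info $1;
    }

    # Make sure requests to /scp/ajax.php/some/path get handled by ajax.php.
    location ~ ^/scp/ajax.php/(.*)$ {
        try_files $uri $uri/ /scp/ajax.php;
    }

    if ($request_uri ~ "^/ajax.php(/[^\?]+)") {
        set $path_info $1;
    }

    location ~ ^/ajax.php/.*$ {
        try_files $uri $uri/ /ajax.php;
    }

    location / {
        index index.php;
        # try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        # Only hand the request to php-fpm when the .php file exists under the
        # document root; anything else is answered with 404 by nginx itself, so
        # PHP never has to guess which part of a path is the script.
        try_files $uri =404;
        # fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
        fastcgi_param PATH_INFO       $path_info;
    }
}

# Plain-HTTP listener: redirect only, no content is served here.
# support.FQDN is the placeholder host name used throughout this listing.
# This is now the only server on port 80, so it also answers requests with any
# other Host header. The redirect target is the fixed canonical name, not $host,
# so the Location header does not depend on what the client sent.
server {
    listen 80;
    server_name support.FQDN;

    return 301 https://support.FQDN$request_uri;
}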