server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name scriptkitties.church;

	ssl_certificate /etc/letsencrypt/live/scriptkitties.church/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/scriptkitties.church/privkey.pem;

	include /etc/nginx/snippets.d/certbot.conf;
	include /etc/nginx/snippets.d/ssl.conf;
	include mime.types;

	root /var/www/church.scriptkitties;
	index index.php;

	autoindex off;
	fastcgi_param HTTPS on;
	client_max_body_size 10m;
	client_body_buffer_size 128k;

	location / {
		try_files $uri /index.php?pagename=$uri&$args;
	}

	location ^~ /.well-known/ {
		allow all;
		rewrite ^ /index.php?pagename=$uri;
	}

	location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
		expires 30d;
		try_files $uri /index.php?pagename=$uri&$args;
	}

	location ~* \.php$ {
		try_files $uri =404;

		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

		include /etc/nginx/snippets.d/fcgi.conf;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		fastcgi_buffers 16 16k;
		fastcgi_buffer_size 32k;
	}

	location ~* \.(tpl|md|tgz|log|out)$ {
		deny all;
	}

	location ~ /\. {
		deny all;
	}

	location ^~ /bin {
		deny all;
	}
}