server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name {{ movim.domain }};
	ssl_certificate /etc/letsencrypt/live/{{ movim.domain }}/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/{{ movim.domain }}/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

	# Where Movim public directory is setup
	root {{ movim.path }}/public;

	index index.php;

	# Ask nginx to cache every URL starting with "/picture"
	location /picture {
		set $no_cache 0; # Enable cache only there
		try_files $uri $uri/ /index.php$is_args$args;
	}

	location / {
		set $no_cache 1;
		try_files $uri $uri/ /index.php$is_args$args;
	}

	location ~ \.php$ {
		add_header X-Cache $upstream_cache_status;

		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
		fastcgi_ignore_headers "Cache-Control" "Expires" "Set-Cookie";
		fastcgi_cache_valid any 7d;
		fastcgi_cache_bypass $no_cache;
		fastcgi_no_cache $no_cache;

		# Pass everything to PHP FastCGI, at the discretion of the administrator
		include fastcgi.conf;
	}

	location /ws/ {
		proxy_pass http://127.0.0.1:8080/;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_read_timeout 1800s;
		proxy_send_timeout 1800s;
	}
}