# Sample nginx config for Roundcube.

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name mail.example.org;

	access_log /var/log/nginx/mail.access.log main;
	error_log /var/log/nginx/mail.error.log warn;

	#ssl_certificate /etc/ssl/acme/mail.example.org/fullchain.pem;
	#ssl_certificate_key /etc/ssl/acme/mail.example.org/privkey.pem;

	# Set max upload size. Keep in sync with memory_limit, post_max_size,
	# and upload_max_filesize in /etc/php7/php-fpm.d/roundcube.conf.
	client_max_body_size 32M;

	root /usr/share/webapps/roundcube;
	index index.php index.html;

	# Enable HSTS Policy
	#add_header Strict-Transport-Security "max-age=315360000";

	location ~ ^/(bin|SQL)/ {
		deny all;
	}

	location ~ [^/]\.php(/|$) {
		fastcgi_split_path_info ^(.+\.php)(.*)$;

		if (!-f $document_root$fastcgi_script_name) {
			return 404;
		}
		fastcgi_pass unix:/run/roundcube/fastcgi.sock;
		fastcgi_keep_conn on;
		fastcgi_index index.php;

		include fastcgi.conf;
	}

	# Allow to cache static assets.
	location ~ ^/(plugins|skins|program)/ {
		add_header Cache-Control "public, max-age=2592000";
	}
}

server {
	listen 80;
	listen [::]:80;
	server_name mail.example.org;

	# Redirect to https://.
	location / {
		rewrite ^ https://$server_name$request_uri? permanent;
	}
}