server_tokens off;
client_header_buffer_size 512;
client_max_body_size 512;

server {
    listen 80 default;
    listen [::]:80 ipv6only=on default;

    rewrite ^ https://$host$uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    root /var/www/fic-server/out/htdocs/;

    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;

    ssl_certificate		/var/www/fic-server/misc/shared/server.crt;
    ssl_certificate_key		/var/www/fic-server/misc/shared/server.key;
    ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers	on;
#    ssl_ciphers			ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    ssl_ciphers			AES256+EECDH:AES256+EDH;
    ssl_client_certificate	/var/www/fic-server/misc/shared/cacert.crt;
    ssl_verify_client		optional;
    ssl_crl			/var/www/fic-server/misc/shared/crl.pem;

    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    error_page 400 /errors/400/index.html;
    error_page 403 /errors/403/index.html;
    error_page 404 /errors/404/index.html;
    error_page 413 414 /errors/413/index.html;
    error_page 500 503 /errors/500/index.html;
    error_page 502 504 /errors/502/index.html;

    location /
    {
	default_type text/html;
	expires epoch;

	set $team 0;

	include /var/www/fic-server/misc/shared/nginx-teams.conf;

	if ($team) {
            root /var/www/fic-server/out/teams/$team$1;
	    rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
        }
	if ($team = 0) {
	    root /var/www/fic-server/out/htdocs/;
	}
    }

    location /errors
    {
	root /var/www/fic-server/out/;
    }

    location /connected
    {
        return 403;
    }

    location /files
    {
        root /var/www/fic-server/;

	# option to accelerate file delivery, require a custom nginx
    	#aio on;
    	directio 512;
    	output_buffers 1 128k;
    }

    location ~* \favicon.ico$ {
	root /var/www/fic-server/out/htdocs/;
        access_log off;
        expires 1d;
        add_header Cache-Control public;
    }

    location ~ ^/(assets|img|js|css|fonts)/ {
	root /var/www/fic-server/out/htdocs/;
        access_log off;
        expires 7d;
        add_header Cache-Control public;
    }

    location ~ /(\.ht|\.git|\.svn|\.onyx) {
        return 403;
    }

    location /submission.php
    {
	root	      /var/www/fic-server/front/;

    	limit_rate       4k;

        include /etc/nginx/fastcgi_params;
        fastcgi_pass  unix:/var/run/php-fpm.sock;
	break;
    }
}