server
{
  server_name {{domain}};

  {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}

  # Remove X-Powered-By, which is an information leak
  fastcgi_hide_header X-Powered-By;

  # set max upload size
  client_max_body_size 10G;
  client_body_buffer_size 400M;
  fastcgi_buffers 64 4K;

  # Enable gzip but do not remove ETag headers
  gzip on;
  gzip_vary on;
  gzip_comp_level 4;
  gzip_min_length 256;
  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;


  {% include 'roles/native-nginx-docker-proxy/templates/proxy_pass.conf.j2' %}

  location ^~ /.well-known {
    rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;
    rewrite ^/\.well-known/host-meta        /public.php?service=host-meta       last;
    rewrite ^/\.well-known/webfinger        /public.php?service=webfinger       last;
    rewrite ^/\.well-known/nodeinfo         /public.php?service=nodeinfo        last;

    location = /.well-known/carddav     { return 301 /remote.php/dav/; }
    location = /.well-known/caldav      { return 301 /remote.php/dav/; }

    try_files $uri $uri/ =404;
  }
}