worker_processes 1;
error_log stderr warn;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Define custom log format to include reponse times
    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '$request_time $upstream_response_time $pipe $upstream_cache_status';

    access_log /dev/stdout main_timed;
    error_log /dev/stderr notice;

    keepalive_timeout 65;

    # Write temporary files to /tmp so they can be created as a non-privileged user
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path /tmp/proxy_temp_path;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    # Default server definition
    server {
        listen 8080 default_server;
        server_name _;

        sendfile off;

        # Set the forwarded_scheme variable based on the X-Forwarded-Proto header
        # This is used to maintain the original protocol used by the client
        # This is important when behind a reverse proxy that handles SSL termination
        set $forwarded_scheme "http";
        if ($http_x_forwarded_proto = "https") {
            set $forwarded_scheme "https";
        }


        # Increase proxy buffers for large requests
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;

        # Upload limit
        client_max_body_size ${client_max_body_size};
        client_body_buffer_size 128k;

        root ${nginx_root_directory};
        index index.php index.html;

        location / {
            try_files $uri /index.php$is_args$args;
        }

        # Redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/lib/nginx/html;
        }

        location ^~ /theme/ {
            alias /var/www/html/public/theme/;
            add_header 'Access-Control-Allow-Origin' '*' always;
            expires 30d;
            access_log off;
            try_files $uri =404;
        }

        # Pass the PHP scripts to PHP-FPM listening on socket
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm.sock;
            fastcgi_param DOCUMENT_ROOT $document_root;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_index index.php;
            fastcgi_read_timeout ${nginx_fastcgi_read_timeout};
            include fastcgi_params;

            # Pass the original forwarded_scheme and HTTPS status to the PHP backend
            fastcgi_param HTTP_X_FORWARDED_PROTO $forwarded_scheme;
            fastcgi_param HTTPS $https if_not_empty;

            internal;
            
        }

        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            expires 5d;
        }

        # Deny access to . files, for security
        location ~ /\. {
            log_not_found off;
            deny all;
        }

        # Allow fpm ping and status from localhost
        location ~ ^/(fpm-status|fpm-ping)$ {
            access_log off;
            allow 127.0.0.1;
            deny all;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_pass unix:/run/php-fpm.sock;
        }

        # Include additional server-specific configurations
        include /etc/nginx/server-conf.d/*.conf;
        
    }

    # Include other server configs
    include /etc/nginx/conf.d/*.conf;

    gzip on;
    gzip_proxied any;
    # Based on CloudFlare's recommended settings https://developers.cloudflare.com/speed/optimization/content/brotli/content-compression/
    gzip_types text/richtext text/plain text/css text/x-script text/x-component text/x-java-source text/x-markdown application/javascript application/x-javascript text/javascript text/js image/x-icon image/vnd.microsoft.icon application/x-perl application/x-httpd-cgi text/xml application/xml application/rss+xml application/vnd.api+json application/x-protobuf application/json multipart/bag multipart/mixed application/xhtml+xml font/ttf font/otf font/x-woff image/svg+xml application/vnd.ms-fontobject application/ttf application/x-ttf application/otf application/x-otf application/truetype application/opentype application/x-opentype application/font-woff application/eot application/font application/font-sfnt application/wasm application/javascript-binast application/manifest+json application/ld+json application/graphql+json application/geo+json;
    gzip_vary on;
    gzip_disable "msie6";

}