#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {

  # Path to source
  alias __FINALPATH__/;

  # Add headers to serve security related headers
  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
  more_set_headers "X-Content-Type-Options: nosniff";
  more_set_headers "X-XSS-Protection: 1; mode=block";
  more_set_headers "X-Robots-Tag: none";
  more_set_headers "X-Download-Options: noopen";
  more_set_headers "X-Permitted-Cross-Domain-Policies: none";
  more_set_headers "Referrer-Policy: no-referrer";

  # Set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;
  client_body_timeout 60m;
  proxy_read_timeout 60m;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  index index.php;

  try_files $uri $uri/ index.php;
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;

    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true;
    fastcgi_intercept_errors on;
    fastcgi_read_timeout 60m;
    fastcgi_send_timeout 60m;
 }

  location ^~ __PATH__/(uploads|thumbs){
    deny all;
    }

  location ^~ __PATH__/private {
    deny all;
    location ~* __PATH__/private/temp/.*\.zip$ {
      allow all;
    }
  }

  location ^~ __PATH__/core {
    deny all;
    location ~* __PATH__/core/.*\.js$ {
      allow all;
    }
  }

  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}