#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
	# Path to source
	alias __FINALPATH__/;
	
	# Force usage of https
	if ($scheme = http) {
		rewrite ^ https://$server_name$request_uri? permanent;
	}
	
	# Add headers to serve security related headers
	add_header Strict-Transport-Security "max-age=15768000;";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;
	
	# Set max upload size
	client_max_body_size 10G;
	client_body_timeout 30m;
	proxy_read_timeout 30m;
	fastcgi_buffers 64 4K;
	
	# Disable gzip to avoid the removal of the ETag header
	gzip off;
	
	index index.php;
	try_files $uri $uri/ index.php;
	
	location ~ [^/]\.php(/|$) {
		include fastcgi_params;
		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		fastcgi_pass unix:/var/run/php7.0-fpm-__NAME__.sock;
		fastcgi_index index.php;
		fastcgi_param REMOTE_USER $remote_user;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		fastcgi_param HTTPS on;
		fastcgi_param modHeadersAvailable true;
		fastcgi_intercept_errors on;
		fastcgi_read_timeout 30m;
		fastcgi_send_timeout 30m;
	}
	
	location ^~ __PATH__/(uploads|thumbs){
                deny all;
        }
	
	location ^~ __PATH__/private {
		deny all;
		location ~* __PATH__/private/temp/.*\.zip$ {
			allow all;
		}
	}
	        
	location ^~ __PATH__/core {
		deny all;
		location ~* __PATH__/core/.*\.js$ {
			allow all;
		}
	}
	
	# Include SSOWAT user panel.
	include conf.d/yunohost_panel.conf.inc;
}