#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
		alias __FINALPATH__/;
		index index.php;

		if (!-e $request_filename)
		{
			rewrite ^(.+)$ __PATH__/index.php?q=$1 last;
		}
		if ($scheme = http) {
			rewrite ^ https://$server_name$request_uri? permanent;
		}
		client_max_body_size 30m;

		# Add headers to serve security related headers
		more_set_headers "Strict-Transport-Security: max-age=15768000";
		more_set_headers "X-Content-Type-Options: nosniff";
		more_set_headers "X-Frame-Options: SAMEORIGIN";
		more_set_headers "X-XSS-Protection: 1; mode=block";
		more_set_headers "X-Download-Options: noopen";
		more_set_headers "X-Permitted-Cross-Domain-Policies: none";

		location ~* \.(jpg|jpeg|gif|css|png|js|ico|swf|mp3|pdf)$ {
			# Le contenu statique, est signalé au navigateur comme étant
			# à garder en cache une semaine. Si il y a un proxy sur la
			# route, celui-ci est autorisé à faire une copie et à la
			# cacher.
			expires        1w;
			more_set_headers "Cache-Control: public";
		}
		location ~ [^/]\.php(/|$) {
			fastcgi_split_path_info ^(.+?\.php)(/.*)$;
			fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
			fastcgi_index index.php;
			include fastcgi_params;
			# https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
			fastcgi_param HTTP_PROXY "";
			fastcgi_param REMOTE_USER $remote_user;
			fastcgi_param PATH_INFO $fastcgi_path_info;
			fastcgi_param SCRIPT_FILENAME $request_filename;
		}

			## Begin - Security
			# deny all direct access for these folders
			location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; }
			# deny running scripts inside core system folders
			location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
			# deny running scripts inside user folder
			location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
			# deny access to specific files in the root folder
			location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
			## End - Security

		#--PRIVATE--# Include SSOWAT user panel.
		#--PRIVATE--include conf.d/yunohost_panel.conf.inc;
}