location #LOCATION# {
    alias #DESTDIR#;
    if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
    }

    #fastcgi_buffers 64 4K;

    rewrite ^#PATH#/caldav(.*)$ #PATH#/remote.php/caldav$1 redirect;
    rewrite ^#PATH#/carddav(.*)$ #PATH#/remote.php/carddav$1 redirect;
    rewrite ^#PATH#/webdav(.*)$ #PATH#/remote.php/webdav$1 redirect;

    error_page 403 #PATH#/core/templates/403.php;
    error_page 404 #PATH#/core/templates/404.php;

    rewrite ^#PATH#/.well-known/host-meta #PATH#/public.php?service=host-meta last;
    rewrite ^#PATH#/.well-known/host-meta.json #PATH#/public.php?service=host-meta-json last;

    rewrite ^#PATH#/.well-known/carddav #PATH#/remote.php/carddav/ redirect;
    rewrite ^#PATH#/.well-known/caldav #PATH#/remote.php/caldav/ redirect;

    rewrite ^(#PATH#/core/doc/[^\/]+/)$ $1/index.html;

    client_max_body_size 10G;
    index index.php;
    try_files $uri $uri/ /index.php;
    location ~ [^/]\.php(/|$) {
       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
       fastcgi_pass unix:/var/run/php5-fpm-#APP#.sock;
       include fastcgi_params;
       fastcgi_param REMOTE_USER $remote_user;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       fastcgi_param modHeadersAvailable true;
       fastcgi_buffers 64 4K;
    }
    location ~ robots\.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    gzip off;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;

    # show YunoHost panel access
    include conf.d/yunohost_panel.conf.inc;
}

location ~ ^#PATH#/(data|config|\.ht|db_structure\.xml|README) {
      deny all;
}