server {
    listen 80;
    server_name bambolo.ru .bambolo.ru;

    location /.well-known/acme-challenge/ {
        root /var/www/html/www;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name bambolo.ru .bambolo.ru;

    root /var/www/html/www;
    index index.php;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ssl_certificate /etc/letsencrypt/live/bambolo.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bambolo.ru/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    client_max_body_size 128M;

    location / {
        rewrite ^/(.*)/$ /$1 permanent;

        if ($scheme != 'https') {
            return 301 https://$host$request_uri;
        }

        if ($host != "bambolo.ru") {
            return 301 https://bambolo.ru$request_uri;
        }

        rewrite ^/index.php$ / permanent;

        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    location /admin {
        try_files $uri $uri/ /admin/index.php?q=$uri&$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/www$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_read_timeout 180;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
    }

    location ~* \.(jpg|jpeg|gif|webp|png|css|zip|tgz|gz|rar|bz2|doc|xls|pdf|tar|wav|bmp|swf|ico|txt|js|htc|flv|psd|cdr|woff|ttf|svg|eot|woff2)$ {
        root /var/www/html/www;
        add_header Access-Control-Allow-Origin *;
        try_files $uri $uri/ @static;
        access_log off;
        expires 30d;
    }

    location @static {
        rewrite "^/images/(\d{2})/(\d{2})/(\d{1,}).jpg$" /img.php?id=$3 last;
        rewrite "^/images/([0-9]{2})([0-9]{2})([0-9]{1,}).webp$" /images/$1/$2/$1$2$3.webp permanent;
        rewrite "^/video/(\d{1,}).flv$" /video.php?id=$1 last;
        rewrite "^/avatars/(\d{1,}).jpg$" /avatars.php?id=$1 last;
        rewrite "^/avatars/(\d{1,}-\w+).jpg$" /avatars.php?id=$1 last;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /status {
        allow 127.0.0.1;
        deny all;
        access_log off;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/html/www/index.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass php:9000;
    }
}