# MoodleBox default web server configuration
# Created for MoodleBox 4.5.0, 2022-11-29
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# Uncomment the following 4 lines to enable HTTPS on the MoodleBox
	# listen 443 ssl;
	# listen [::]:443 ssl;
	# ssl_certificate /etc/nginx/ssl/moodlebox.pem;
	# ssl_certificate_key /etc/nginx/ssl/moodlebox.key;

	root /var/www/moodle;

	error_page 404 /error/index.php;
	error_page 403 =404 /error/index.php;

	index index.php index.html index.htm index.nginx-debian.html;

	server_name moodlebox;

	# Hide all dot files but allow "Well-Known URIs" as per RFC 5785
	location ~ /\.(?!well-known).* {
		return 404;
	}

	location / {
		try_files $uri $uri/ =404;
	}

	location /dataroot/ {
		internal;
		alias /var/www/moodledata/;
	}

	location ~ [^/]\.php(/|$) {
		include fastcgi_params;
		fastcgi_split_path_info	^(.+\.php)(/.+)$;
		fastcgi_read_timeout	300;
		fastcgi_pass	unix:/var/run/php/php7.4-fpm.sock;
		fastcgi_index	index.php;
		fastcgi_param	PATH_INFO	$fastcgi_path_info;
		fastcgi_param	SCRIPT_FILENAME	$document_root$fastcgi_script_name;
		fastcgi_param	PHP_VALUE "max_execution_time=300\n upload_max_filesize=50M\n post_max_size=50M\n max_input_vars=5000";
		client_max_body_size	50M;
	}

	# Don't allow direct access to various internal files. See MDL-69333
	location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) {
		deny all;
		return 404;
	}

}

