apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "ezscale-website.fullname" . }}-nginx
  labels: {{- include "ezscale-website.labels" . | nindent 4 }}
data:
  default.conf: |
    server {
        listen 80 default_server;
        server_name _;
        root /var/www/html/public;
        index index.php index.html;

        client_max_body_size 50M;
        charset utf-8;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header Referrer-Policy "strict-origin-when-cross-origin";

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            fastcgi_param HTTP_PROXY "";
            # Pass HTTPS to PHP only when X-Forwarded-Proto is non-empty.
            # if_not_empty avoids the param being set to "" when the header
            # is missing (which would falsely satisfy isset($_SERVER['HTTPS'])).
            fastcgi_param HTTPS $http_x_forwarded_proto if_not_empty;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_read_timeout 300;
        }

        location ~ /\.(?!well-known).* {
            deny all;
            access_log off;
            log_not_found off;
        }
    }