server {

  listen 80;
  listen [::]:80;
  server_name domain.example.com;
  return 301 https://domain.example.com$request_uri;
}

server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name domain.example.com;

  ssl_certificate /etc/ssl/domain.example.com/ssl-bundle.crt;
  ssl_certificate_key /etc/ssl/domain.example.com/domain.example.com.key;

  # logging
  access_log /var/log/nginx/leantime.access.log;
  error_log /var/log/nginx/leantime.error.log warn;

  location /leantime/ {

      include include.d/auth;
      root /var/www/leantime/public/;
      access_log /var/log/nginx/scripts.log scripts;

      rewrite ^/leantime/leantime(/.*)$ /leantime$1 permanent;
      rewrite ^/leantime/?$ /leantime/index.php?act=dashboard.show last;
      rewrite ^/leantime/([^/\.]+)/([^/\.]+)/?$ /leantime/index.php?act=$1.$2 last;
      rewrite ^/leantime/([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /leantime/index.php?act=$1.$2&id=$3 last;
      rewrite ^/leantime(/.*)$ $1 break;

      location ~.php$ {
        root /var/www/leantime/public/;

        rewrite ^/leantime(/.*)$ $1 break;

        fastcgi_intercept_errors on;
        fastcgi_index  index.php;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  /var/www/leantime/public/$fastcgi_script_name;
        fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_param  DN $ssl_client_s_dn;
        fastcgi_pass   php-fpm;
      }

      location = /leantime/resetPassword {
        rewrite ^(.*)$ /leantime/index.php?resetPassword=true;
      }
      location = /leantime/install {
        rewrite ^(.*)$ /leantime/index.php?install=true;
      }
      location = /leantime/update {
        rewrite ^(.*)$ /leantime/index.php?update=true;
      }
      # assets, media
      location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        rewrite ^/leantime/leantime(/.*)$ /leantime$1 permanent;
        rewrite ^/leantime(/.*)$ $1 break;
        expires 7d;
        access_log off;
      }
      # svg, fonts
      location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        rewrite ^/leantime/leantime(/.*)$ /leantime$1 permanent;
        rewrite ^/leantime(/.*)$ $1 break;
        add_header Access-Control-Allow-Origin "*";
        expires 7d;
        access_log off;
      }
      # gzip
      gzip on;
      gzip_vary on;
      gzip_proxied any;
      gzip_comp_level 6;
      gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    }
}