# We're running rootless so we don't have permission to write to /var/run/nginx.pid
pid /tmp/nginx.pid;

events {
    worker_connections  1024;
}

http {
    access_log /dev/stdout;
    error_log /dev/stdout;

    # Default directory is /var/cache/nginx/ but we're running rootless so that won't work
    proxy_temp_path /tmp/proxy_temp;
    client_body_temp_path /tmp/client_temp;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    include mime.types;
    default_type application/octet-stream;

    resolver 127.0.0.11 valid=10s;

    server {
        include /tmp/listen.conf;
        server_name _;

        index index.php index.html;

        proxy_read_timeout 3600;
        fastcgi_read_timeout 3600;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;

        root /data/;

        location / {
            try_files $uri $uri/ /index.php?route=$uri&$args;
        }

        location ~ \.(tpl|cache|htaccess)$ {
            return 403;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /tmp/fastcgi-pass.conf;
            include fastcgi_params;
        }

        client_max_body_size 512M; # This matches our default max body size for php-fpm
    }
}