server {
    listen 80;
    listen [::]:80;
    server_name upload.__XMPP_DOMAIN__ ;

    include snippets/acme-challenge.conf;

    return 301 https://$http_host$request_uri;

    access_log /var/log/upload.__DOMAIN__-access.log;
    error_log /var/log/upload.__DOMAIN__-error.log;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name upload.__DOMAIN__;

    ssl_certificate /etc/ssl/upload.__DOMAIN__.crt;
    ssl_certificate_key /etc/ssl/private/upload.__DOMAIN__.key;
    root /xmpp-upload/;

    include snippets/secure-ssl.conf;

    include snippets/secure-headers.conf;
        #custom headers
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header x-robots-tag "noindex, follow";
        client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server

#    add_header Strict-Transport-Security " max-age=63072000; includeSubDomains; preload";


  include snippets/acme-challenge.conf;
  location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    access_log /var/log/upload.__DOMAIN__-access.log;
    error_log /var/log/upload.__DOMAIN__-error.log;
}