# Nginx site config for cheraghbot
# Docs: docs/deployment.md
# Copy to: /etc/nginx/sites-available/cheraghbot
# Enable:  ln -s /etc/nginx/sites-available/cheraghbot /etc/nginx/sites-enabled/
# Test:    nginx -t && systemctl reload nginx
# SSL:     certbot --nginx -d bot.your-domain.com

server {
    listen 80;
    listen [::]:80;
    server_name bot.your-domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name bot.your-domain.com;

    root /var/www/cheraghbot/public;
    index index.php;

    # SSL paths — adjust after certbot
    ssl_certificate     /etc/letsencrypt/live/bot.your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bot.your-domain.com/privkey.pem;

    client_max_body_size 32M;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        # Adjust PHP version: php8.3-fpm or php8.4-fpm
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_hide_header X-Powered-By;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}