server {
    listen 80;
    server_name kikikan.xyz;

	# Redirect to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name kikikan.xyz;
    root /work/public;

	# SSL化
    ssl_certificate /etc/letsencrypt/live/kikikan.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kikikan.xyz/privkey.pem;

	access_log /var/log/nginx/ssl-access.log;
	error_log /var/log/nginx/ssl-error.log;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php;

    charset utf-8;
    client_max_body_size 0;

    # アップロードの許容制限アップ
    fastcgi_read_timeout 99999;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
		try_files $uri =404;
        fastcgi_pass app:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        set_real_ip_from 127.0.0.1/32;
        real_ip_header X-Forwarded-For;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}