server {
    listen 80;

    server_name ${SERVER_NAME} ${SERVER_ALT_NAME};
    root /var/www/html;
    index index.html index.php;
    
    client_max_body_size 20M;

    # Security
    include /etc/nginx/custom.conf.d/nginx-custom-configs.conf;
    include /etc/nginx/custom.conf.d/nginx-wp-hardening.conf;

    # Prevent Clickjacking
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    # Set the custom error pages
    error_page 404 /index.php;
    error_page 403 /index.php;

    # Logs
    error_log /dev/stderr;
    access_log /dev/stdout;
    
    location ^~ /pma/ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://pma:80/;

        allow ${SECURE_SUBNET};
        allow 127.0.0.1; 
        deny all;
    }

    location ~* /xmlrpc.php$ {
        fastcgi_pass ${WP_CONTAINER_NAME}:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        allow ${SECURE_SUBNET};
        allow 127.0.0.1; 
        deny all;
    }

    # Remove direct access to the following folders & files
    location ~* ^/(?:\.|conf|data/(?:files|personal|logs|plugins|tmp|cache)|plugins/editor.zoho/agent/files) {
        deny all;
    }

    location ~* /data/public/.*.(ser|htaccess)$ {
        deny all;
    }

    # Stops the annoying error messages in the logs
    location ~* ^/(favicon.ico|robots.txt) {
        log_not_found off;
    }

    location = /favicon.ico {
        expires 1y;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(wp-admin|wp-login.php) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass ${WP_CONTAINER_NAME}:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;

        allow ${SECURE_SUBNET};
        allow 127.0.0.1; 
        deny all;
    }

    # Enables PHP
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass ${WP_CONTAINER_NAME}:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }

    # Enables Caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 7d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # The rewrite magic
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}