{% extends "core.j2" %}

{% block root %}
  root {{ nginx_www_dir }}{{ item.root }};
  index index.html index.php;
{% endblock %}

{% block location %}

## LOCATIONS
  location / {
    try_files $uri $uri/ /index.php?_url=$uri&$query_string;
  }

  location /favicon.ico {
    alias {{ nginx_www_dir }}{{ item.root }}/favicon.png;
  }

  # deny all direct access for these folders
  location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { 
    return 403; 
  }

  # deny running scripts inside core system folders
  location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { 
    return 403; 
  }

  # deny running scripts inside user folder
  location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { 
    return 403; 
  }

  # deny access to specific files in the root folder
  location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { 
    return 403; 
  }

  location ~ \.php$ {
{% if item.upstream_params is defined and item.upstream_params is iterable %}
{% for param in item.upstream_params %}
		{{ param }}
{% endfor %}
{% endif %}
  }
{% endblock %}