server "cloud.{{ global.domain_name }}" {
	listen on * port {{ nextcloud_port }}

	root "/nextcloud"
	directory index index.php

	hsts max-age 15768000

	# deny access to confidential data/programs first
	location "/.ht*"        { block }
	location "/.user*"      { block }
	location "/3rdparty*"   { block }
	location "/README"      { block }
	location "/autotest*"   { block }
	location "/build*"      { block }
	location "/config*"     { block }
	location "/console*"    { block }
	location "/data*"       { block }
	location "/db_*"        { block }
	location "/indie*"      { block }
	location "/issue*"      { block }
	location "/lib*"        { block }
	location "/occ*"        { block }
	location "/templates*"  { block }
	location "/tests*"      { block }

	location "/*.php" {
		fastcgi socket "/run/php-fpm.sock"
	} 
	location "/*.php[/?]*" {    
		fastcgi socket "/run/php-fpm.sock"
	}

	location "/.well-known/host-meta" {
		block return 301 "/public.php?service=host-meta"
	}
	location "/.well-known/host-meta.json" {
		block return 301 "/public.php?service=host-meta-json"
	}
	location "/.well-known/webfinger" {
		block return 301 "/public.php?service=webfinger"
	}
	location "/.well-known/carddav" {
		block return 301 "/remote.php/dav/"
	}
	location "/.well-known/caldav" {
		block return 301 "/remote.php/dav/"
	}
}