server {
    if ($host = sondages.qzine.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;
    server_name sondages.qzine.fr;
    # enforce https
    return 301 https://$server_name$request_uri;
    add_header Permissions-Policy "interest-cohort=()";

}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sondages.qzine.fr;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
#    ssl_certificate /etc/letsencrypt/live/sondages.qzine.fr/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/sondages.qzine.fr/privkey.pem; # managed by Certbot

    # Path to the root of your installation
    root /home/www/tykayn/sfprobe/web/;
    ssl_certificate /etc/letsencrypt/live/sondages.qzine.fr-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sondages.qzine.fr-0001/privkey.pem; # managed by Certbot


 location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }


        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
  expires max;
                log_not_found off;
        }
# PROD
    location ~ ^/app\.php(/|$) {
 include fastcgi.conf;
                fastcgi_intercept_errors on;
        #        fastcgi_pass php-handler;
	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
#	fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
       # When you are using symlinks to link the document root to the
       # current version of your application, you should pass the real
       # application path instead of the path to the symlink to PHP
       # FPM.
       # Otherwise, PHP's OPcache may not properly detect changes to
       # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
       # for more information).
       fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
       fastcgi_param DOCUMENT_ROOT $realpath_root;
       # Prevents URIs that include the front controller. This will 404:
       # http://domain.tld/app.php/some-path
       # Remove the internal directive to allow URIs like this
       internal;
   }

   # return 404 for all other php files not matching the front controller
   # this prevents access to other php files you don't want to be accessible.
   location ~ \.php$ {
     return 404;
   }

    add_header Permissions-Policy "interest-cohort=()";

}