server_tokens off;

index index.php index.html;
charset UTF-8;
default_type text/html;

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 10;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg;

client_max_body_size 1024M;

# Force HTTPS on Heroku
if ($http_x_forwarded_proto = "http") {
  return 301 https://$host$request_uri;
}

include /app/config/nginx.d/*.conf;

# Force installation to /wp-admin/install.php so siteurl is always correct
rewrite ^/wp/wp-admin/install.php(.*) $scheme://$http_host/wp-admin/install.php permanent;

# Rewrite rules to allow for an application-like wordpress directory structure
if (!-e $request_filename) {
  rewrite ^/wp-admin$ $scheme://$http_host/wp-admin/ permanent;
  rewrite ^/(wp-.*.php)$ /wp/$1 last;
  rewrite ^/(wp-(content|admin|includes).*) /wp/$1 last;
}

# Enable XML-RPC for WordPress
rewrite ^/(xmlrpc\.php)$ /wp/$1 last;

# Hide often probed WordPress file so that finding out the WordPress install
# and version would not be too easy
location /wp/readme.html {
  return 404;
}

location = /favicon.ico {
  log_not_found off;
  access_log off;
}

location = /robots.txt {
  allow all;
  log_not_found off;
  access_log off;
}

location = /ads.txt {
  allow all;
  log_not_found off;
  access_log off;
}

# Block direct access to WooCommerce digital downloads. They can be accessed
# via the X-Accel-Redirect mechanism for fast and protected downloads.
location /wp/wp-content/uploads/woocommerce_uploads/ {
  internal;
}

# Deny access to any other dot file
# ~ matches using regular expression all requests that contain '/.'
# anywhere in the URL, eg '/.htaccess' and '/wp-content/.htpasswd'.
# This regex will override all non-regex rules, except ^~ rules due
# how to Nginx location parsing and priorities works.
location ~ \/\. {
  deny all;
}

location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
  try_files $uri =404;
  expires max;
  add_header Pragma "public";
  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  access_log off;
}

# Use actual file if exists, otherwise pass request to WordPress
# Last rule: match all requests (= URLs that start with /)
location / {
  try_files $uri $uri/ /index.php?$args;
}

# If front page is requested, skip all other regex and rewrite rules and
# pass request directly to WordPress (= URLS that are exactly /)
# Tip from https://www.scalescale.com/tips/nginx/nginx-location-directive/
location = / {
  try_files $uri $uri/ /index.php?$args;
}