server {
    root {{ doc_root }};
    server_name $hostname;    # e.g. box.lan, set dynamically when NGINX starts
    #server_name {{ iiab_hostname }}.{{ iiab_domain }};
    #server_name {{ iiab_hostname }}
    listen 80;

    index index.php index.html index.htm;

    # let individual services drop location blocks in conf.d
    include {{ nginx_conf_dir }}/*;

    location ~ .*\.php$ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        fastcgi_pass php;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        include fastcgi_params;
    }

    # 2021-07-30: Security risk identified by @tim-moody
    #location /cgi-bin {
    #    root /usr/lib;
    #}

    # if you don't like seeing all the errors for missing favicon.ico in root
    location = /favicon.ico { access_log off; log_not_found off; }

    # if you don't like seeing errors for a missing robots.txt in root
    location = /robots.txt { access_log off; log_not_found off; }

    # this will prevent files like .htaccess .htpassword .secret etc from being served
    location ~ /\. { deny all; }
}