server {
    server_name think.somethingorotherwhatever.com;

    location ~ /static {
        rewrite ^/static/(.*)$ /$1 break;
        root /srv/think.somethingorotherwhatever.com/public/static;
    }

    location ~ /.well-known {
        rewrite ^/.well-known/(.*)$ /$1 break;
        root /srv/think.somethingorotherwhatever.com/public/well-known;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/think_something.sock;
    }

    access_log /var/log/nginx/think.somethingorotherwhatever.com.access.log;
    error_log /var/log/nginx/think.somethingorotherwhatever.com.error.log;


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/think.somethingorotherwhatever.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/think.somethingorotherwhatever.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    index index.html index.htm;

    server_name ~(?<slug>.*?).think.somethingorotherwhatever.com$;
    root /srv/think.somethingorotherwhatever.com/think_data/$slug;

    location / {
        try_files $uri $uri/ =404;
        autoindex on;
        add_header 'Cache-Control' 'no-cache, no-store, must-revalidate';
        if ($http_origin ~* (https?://([^/]*\.)?think.somethingorotherwhatever.com(:[0-9]+)?)$) {
            add_header 'Access-Control-Allow-Origin' "*";
        }        
    }
    
    location ~ /\.(jj|git).* {
        deny all;
    }

    location ~ ^/cgi-bin/.*\.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }

    location ~ ^/cgi-bin/.*\.(py|js|mjs)$ {
        gzip off;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /srv/think.somethingorotherwhatever.com/think_data/$slug$fastcgi_script_name;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/think.somethingorotherwhatever.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/think.somethingorotherwhatever.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = think.somethingorotherwhatever.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    
    server_name think.somethingorotherwhatever.com;
    listen 80;
    return 404; # managed by Certbot


}
server {
    server_name ~(?<slug>.*?).think.somethingorotherwhatever.com$;
    listen 80;
    return 301 https://$host$request_uri;
}