#
# /etc/nginx/conf.d/pihole.conf
#
# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
#

server {
  modsecurity on;
  modsecurity_rules_file {{ nginx_path }}/modsec_includes.conf;

	listen 80;

	root /srv/http/pihole;
	server_name {{ pi_server_name }};
	autoindex off;

	proxy_intercept_errors on;
	error_page 404 /pihole/index.php;

	index pihole/index.php index.php index.html index.htm;

	allow 192.168.1.0/24;
	allow 127.0.0.1;
	deny all;

	location / {
		expires max;
		try_files $uri $uri/ =404;
		add_header X-Pi-hole "A black hole for Internet advertisements";
	}

	location ~ \.php$ {
		include fastcgi.conf;
		fastcgi_intercept_errors on;
		fastcgi_pass  unix:/run/php-fpm/php-fpm.sock;
		fastcgi_param VIRTUAL_HOST open_basedir="/srv/http/pihole:run/pihole-ftl/pihole-FTL.port:run/log/pihole/pihole.log:run/log/pihole-ftl/pihole-FTL.log:etc/pihole:etc/hosts:etc/hostname:etc/dnsmasq.d/02-pihole-dhcp.conf:etc/dnsmasq.d/03-pihole-wildcard.conf:etc/dnsmasq.d/04-pihole-static-dhcp.conf:var/log/lighttpd/error.log:proc/meminfo:proc/cpuinfo:sys/class/thermal/thermal_zone0/temp:tmp";
	}

	location /admin {
		root /srv/http/pihole;
		index index.php index.html index.htm;
		add_header X-Pi-hole "The Pi-hole Web interface is working!";
		add_header X-Frame-Options "DENY";
	}

	location ~ /\.ttf {
		add_header Access-Control-Allow-Origin "*";
	}

	location ~ /admin/\. {
		deny all;
	}

	location ~ /\.ht {
		deny all;
	}
}