server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /app;
    index index.php index.html index.htm;

    server_name _;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    location ^~ /logs/ {
        deny all;
        return 403;
    }

    location ^~ /cache/ {
        deny all;
        return 403;
    }

    location / {
        try_files $uri $uri/ $uri/index.php?$args;
    }

    location ~ ^/(api|p)/ {
        try_files $uri $uri/ /$1.php;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass 127.0.0.1:9000;
    }

    location ~ /\.ht {
        deny all;
    }

    access_log /dev/null;
}