server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};

	http2 on;
	ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;

	client_max_body_size 100M;

	root /srv/http/dokuwiki;
	index index.php;

	location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
	location ~ ^/data/ { internal; }
	location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ { expires 365d; }

	location / { try_files $uri $uri/ @dokuwiki; }

	location @dokuwiki {
		rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
		rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
		rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
		rewrite ^/(.*) /doku.php?id=$1&$args last;
	}

	location ~ \.php$ {
		try_files $uri $uri/ /doku.php;

		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param REDIRECT_STATUS 200;
		fastcgi_param HTTPS on;
		fastcgi_pass unix:/run/php-fpm.socket;
	}
}