server {
    listen 10.8.0.1:443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pbx.ins;

    ssl_certificate /etc/nginx/ssl/pbx-ins.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/pbx-ins.key.pem;

    client_max_body_size 230M;
    client_body_timeout 1h;
    
    root /var/www/html;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf; # server defaults are good
        fastcgi_pass unix:/run/php/php7.3-fpm-asterisk.sock;
        fastcgi_param HTACCESS on; # disables FreePBX htaccess warning
        proxy_read_timeout 800;
    }

    # Block access to orangehrm and orangehrm-5.1 directories
    location ~ ^/(orangehrm|orangehrm-5\.1)(/|$) {
        deny all;
        return 403;
    }

    # Disallows the things that the FreePBX .htaccess files disallow
    location ~ (/\.ht|/\.git|\.ini$|/libraries|/helpers|/i18n|/node|/views/.+php$) {
        deny all;
    }

    # From the api module .htaccess file
    rewrite ^/admin/api/([^/]*)/([^/]*)/?(.*)?$ /admin/api/api.php?module=$1&command=$2&route=$3 last;
}