server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name <api.hostname.tld>;
    root        /path/to/api/public/;
    index       index.php;

    ssl_certificate     /etc/letsencrypt/live/<hostname.tld>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<hostname.tld>/privkey.pem;

    # This block should go into a `ssl_options` file and included inside server block of all vhosts.
    # Remove this line below if you are not using Certbot
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
    ssl_session_cache shared:le_nginx_SSL:10m;
    ssl_session_timeout 1440m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA";

    access_log /var/log/nginx/<api.hostname.tld>.access.log;
    error_log /var/log/nginx/<api.hostname.tld>.error.log;

    location ~ \.php$ {
        try_files                       $uri =404;
        fastcgi_split_path_info         ^(.+\.php)(/.+)$;
        fastcgi_pass                    unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index                   index.php;
        include                         fastcgi_params;
        fastcgi_buffers                 16 16k;
        fastcgi_buffer_size             32k;
        fastcgi_param SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO         $fastcgi_path_info;
        fastcgi_param DOCUMENT_ROOT     $realpath_root;
        internal;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
        gzip_static on;
    }
}

server {
    listen 80;
    listen [::]:80;

    server_name <api.hostname.tld>;
    return 301 https://$host$request_uri;
}