server {
    listen *:443 ssl;
    server_name _;
    charset UTF-8;
    root /home/totum/totum-mit/http/;
    index index.php;
    expires off;

    ssl_certificate /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/YOUR_DOMAIN/chain.pem;

    client_max_body_size 10M;

    location / {
    try_files $uri $uri/ /index.php?$args;
    }

    location ~ ^/fls/6_main_img.png$ {
    try_files /fls/$host/6_main_img.png $uri /fls/hand.png;
    }

    location ~ ^/fls/6_favicon.png$ {
    try_files /fls/$host/6_favicon.png $uri /fls/hand_favicon.png;
    }

    location ~ ^/fls/(.+)$ {
    try_files /fls/$host/$1 $uri /fls/no-img.jpg;
    }

    location ~ ^/fonts/(.+)$ {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
    expires 365d;
    }

    # added functionality for web sockets
    location /PRONotify {
    proxy_pass http://localhost:8181/PRONotify;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 600s;
    }
    # ...

    location ~* \.php$ {

    fastcgi_pass unix:/run/php/php8.3-fpm-totum.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_read_timeout 300;
    }
}

server {
    include acme;

    listen *:80;
    server_name _;

    location / {
    return 301 https://$host$request_uri;
    }
}