
server {
	listen 127.0.0.1:80;
	server_name 127.0.0.1;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	client_max_body_size 80M;
	client_body_buffer_size 128k;

	location / {
		root /var/www/fusionpbx;
		index index.php;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
		#fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
	}

	# Disable viewing .htaccess & .htpassword & .db
	location ~ .htaccess {
			deny all;
	}
	location ~ .htpassword {
			deny all;
	}
	location ~^.+.(db)$ {
			deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\.lua {
		deny all;
	}
	location ~ /\. {
		deny all;
	}
}

server {
	listen 80;
	server_name fusionpbx;

	if ($uri !~* ^.*(provision|xml_cdr).*$) {
		rewrite ^(.*) https://$host$1 permanent;
		break;
	}

	#REST api
	if ($uri ~* ^.*/api/.*$) {
		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
		break;
	}

	#algo
	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;

	#avaya
	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;

	#mitel
	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

	#grandstream
	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
	#grandstream-wave softphone by ext because Android doesn't pass MAC.
	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

	#aastra
	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

	#yealink common
	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;

	#yealink mac
	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

	#polycom
	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

	#cisco
	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;

	#Escene
	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

	#Vtech
	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#Digium
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

	#Snom
	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	client_max_body_size 80M;
	client_body_buffer_size 128k;

	location / {
		root /var/www/fusionpbx;
		index index.php;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
		#fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
	}

	# Disable viewing .htaccess & .htpassword & .db
	location ~ .htaccess {
		deny all;
	}
	location ~ .htpassword {
		deny all;
	}
	location ~^.+.(db)$ {
		deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\.lua {
		deny all;
	}
	location ~ /\. {
		deny all;
	}
}

server {
	listen 443 ssl;
	server_name fusionpbx;

	#ssl                     on;
	ssl_certificate         /etc/ssl/certs/nginx.crt;
	ssl_certificate_key     /etc/ssl/private/nginx.key;
	ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers             HIGH:!ADH:!MD5:!aNULL;

	#REST api
	if ($uri ~* ^.*/api/.*$) {
		rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
		break;
	}

	#message media
	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;

	#algo
	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;

	#avaya
	rewrite "^.*/provision/J100Supgrade.txt" /resources/templates/provision/avaya/J100Supgrade.txt last;
	rewrite "^.*/provision/([A-Fa-f0-9]{12}).txt?$" /app/provision/index.php?mac=$1 last;

	#mitel
	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
	rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

	#grandstream
	rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
	#grandstream-wave softphone by ext because Android doesn't pass MAC.
	rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

	#aastra
	rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
	#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

	#yealink common
	rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;

	#yealink mac
	rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

	#polycom
	rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
	#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
	rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

	#cisco
	rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;

	#Escene
	rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
	rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

	#Vtech
	rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
	rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	#Digium
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
	rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

	#Snom
	rewrite "^.*/provision/.*-([A-Fa-f0-9]{12})\.?(cfg|htm)?$" /app/provision/index.php?mac=$1;
	rewrite "^.*/provision/C520-WiMi_([A-Fa-f0-9]{12})\.cfg$" /app/provision/index.php?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	client_max_body_size 80M;
	client_body_buffer_size 128k;

	location / {
		root /var/www/fusionpbx;
		index index.php;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
		#fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
	}

	# Allow the upgrade routines to run longer than normal
	location = /core/upgrade/index.php {
		fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
		#fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
		fastcgi_read_timeout 15m;
	}

	# Disable viewing .htaccess & .htpassword & .db
	location ~ .htaccess {
		deny all;
	}
	location ~ .htpassword {
		deny all;
	}
	location ~^.+.(db)$ {
		deny all;
	}
	location ~ /\.git {
		deny all;
	}
	location ~ /\.lua {
		deny all;
	}
	location ~ /\. {
		deny all;
	}
}
