server {
    listen 80;
    listen [::]:80;
    server_name .$DOMAIN;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .$DOMAIN;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # Determine the subdomain and set the root accordingly
    set \$subdomain '';
    if (\$host ~* ^([^.]+)\.$DOMAIN$) {
        set \$subdomain \$1;
    }

    # Default root for subdomains
    # subdomains are the default, so that we get 404s for nonexistant subdomains
    root $MAIN_WEB_ROOT/subdomains/\$subdomain/www;

    # For the main domain, use the _main/www directory
    if (\$host = $DOMAIN) {
        root $MAIN_WEB_ROOT/_main/www;
    }

    # Index file names
    index index.html index.htm index.php;

    # Try files first, then use the router.php file if it exists
    location / {
        try_files \$uri \$uri/ @router;
    }

    # Use the router.php file for all nonexistant file requests if it exists
    location @router {
        if (!-f \$document_root/router.php) {
            return 404;
        }
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root/router.php;
    }

    # PHP Configuration
    location ~ \.php$ {
        try_files \$uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # Deny access to .ht* files
    location ~ /\.ht {
        deny all;
    }

    # Additional config options
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    client_max_body_size 20M;

    # Log to both default location and custom site directory, named by subdomain
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    if (\$subdomain != '') {
        access_log $MAIN_WEB_ROOT/logs/\$subdomain.access.log;
        error_log $MAIN_WEB_ROOT/logs/\$subdomain.error.log;
    }else {
        access_log $MAIN_WEB_ROOT/logs/_main.access.log;
        error_log $MAIN_WEB_ROOT/logs/_main.error.log;
    }
}