server {
    listen 80;
    listen [::]:80;
    server_name DOMAIN_PLACEHOLDER;

    root APP_DIR_PLACEHOLDER/www;
    index index.php;

    access_log /var/log/manahote/access.log;
    error_log  /var/log/manahote/error.log warn;

    # Fichiers statiques
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff2?|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
        try_files $uri =404;
    }

    # Flux ICS : /calendar/<token>/<unit_id>.ics
    location ~ "^/calendar/([A-Fa-f0-9]{32})/([0-9]+)\.ics$" {
        add_header Content-Type "text/calendar; charset=utf-8";
        add_header Cache-Control "max-age=300, public";
        fastcgi_pass unix:/run/php/phpPHP_VERSION_PLACEHOLDER-fpm.sock;
        fastcgi_param SCRIPT_FILENAME ${document_root}/public/unit_ics.php;
        fastcgi_param QUERY_STRING    token=$1&unit_id=$2;
        include fastcgi_params;
    }

    # Pages publiques autonomes
    location = /start {
        fastcgi_pass unix:/run/php/phpPHP_VERSION_PLACEHOLDER-fpm.sock;
        fastcgi_param SCRIPT_FILENAME ${document_root}/start.php;
        fastcgi_param QUERY_STRING    $query_string;
        include fastcgi_params;
    }

    location = /portal {
        fastcgi_pass unix:/run/php/phpPHP_VERSION_PLACEHOLDER-fpm.sock;
        fastcgi_param SCRIPT_FILENAME ${document_root}/portal.php;
        fastcgi_param QUERY_STRING    $query_string;
        include fastcgi_params;
    }

    # PHP
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass  unix:/run/php/phpPHP_VERSION_PLACEHOLDER-fpm.sock;
        fastcgi_param SCRIPT_FILENAME ${document_root}${fastcgi_script_name};
        fastcgi_param QUERY_STRING    $query_string;
        include fastcgi_params;
    }

    # Front controller back-office
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Bloquer fichiers sensibles
    location ~ /\.(git|env|htaccess)$ { deny all; }
    location ~* (config\.php|composer\.(json|lock)|phinx\.php)$ { deny all; }
}