server {
  listen __PORT__;
  server_name auth.__DNSDOMAIN__;
  root __PORTALDIR__;

  if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
    rewrite ^/(.*)$ /index.psgi/$1 break;
  }

  location ~ \.psgi(?:$|/) {
    # Note that Content-Security-Policy header is generated by portal itself
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
    fastcgi_param LLTYPE psgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
    fastcgi_param PATH_INFO  $fastcgi_path_info;
    # Uncomment this if you use Auth SSL:
    #map $ssl_client_s_dn  $ssl_client_s_dn_cn {
    #  default           "";
    #  ~/CN=(?<CN>[^/]+) $CN;
    #}
    #fastcgi_param  SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
  }

  index index.psgi;
  location / {
    try_files $uri $uri/ =404;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "15768000";
  }

  location /static/ {
    alias __PORTALSTATICDIR__;
  }

  # SOAP functions for sessions management (disabled by default)
  location /index/adminSessions {
    deny all;
  }

  # SOAP functions for sessions access (disabled by default)
  location /index.psgi/sessions {
    deny all;
  }

  # SOAP functions for configuration access (disabled by default)
  location /index.psgi/config {
    deny all;
  }

  # SOAP functions for notification insertion (disabled by default)
  location /index.psgi/notification {
    deny all;
  }

  # DEBIAN
  # If install was made with USEDEBIANLIBS (official releases), uncomment this
  #location /javascript/ {
  #  alias /usr/share/javascript/;
  #}
}