server {
  listen __PORT__;
  listen [::]:__PORT__;
  server_name manager-api.__DNSDOMAIN__;
  root __MANAGERAPIDIR__;
  # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
  #access_log /var/log/nginx/manager-api.log lm_app;

  # Uncomment this if you are running behind a reverse proxy and want
  # LemonLDAP::NG to see the real IP address of the end user
  # Adjust the settings to match the IP address of your reverse proxy
  # and the header containing the original IP address
  # As an alternative, you can use the PROXY protocol
  #
  #set_real_ip_from  127.0.0.1;
  #real_ip_header    X-Forwarded-For;

  location /doc/ {
      alias /usr/share/doc/lemonldap-ng-doc/;
      index index.html start.html;
  }
  location / {
      rewrite ^/(.*)$ /api.psgi/$1;
  }

  location ~ ^(?<sc>/.*\.psgi)(?:$|/) {

    # FastCGI configuration
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
    fastcgi_param LLTYPE psgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
    fastcgi_param PATH_INFO  $fastcgi_path_info;

    # OR TO USE uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    #uwsgi_param LLTYPE psgi;
    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
    #uwsgi_param SCRIPT_NAME $sc;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "max-age=15768000";

  }

  # By default, access to this VHost is denied
  # If you want to enable the manager APIs, you MUST
  # implement a robust authentication scheme to protect this
  # VHost since LemonLDAP::NG provides no protection to the
  # Manager APIs yet
  #
  #allow 127.0.0.0/8;
  #allow ::1/128;
  deny all;

  # DEBIAN
  # If install was made with USEDEBIANLIBS (official releases), uncomment this
  #location /javascript/ {
  #  alias /usr/share/javascript/;
  #}

}