server {
  listen __PORT__;
  server_name auth.__DNSDOMAIN__;
  root __PORTALDIR__;

  location ~ \.pl$ {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
    fastcgi_param LLTYPE cgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.pl)(/.+)$;
  }

  location / {
    index index.pl;
    try_files $uri $uri/ =404;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "15768000";
  }

  # SOAP functions for sessions management (disabled by default)
  location /index/adminSessions {
    deny all;
  }

  # SOAP functions for sessions access (disabled by default)
  location /index.pl/sessions {
    deny all;
  }

  # SOAP functions for configuration access (disabled by default)
  location /index.pl/config {
    deny all;
  }

  # SOAP functions for notification insertion (disabled by default)
  location /index.pl/notification {
    deny all;
  }
  # SAML2 Issuer
  rewrite ^/saml/metadata /metadata.pl last;
  rewrite ^/saml/.* /index.pl last;

  # CAS Issuer
  rewrite ^/cas/.* /index.pl;

  # OpenID Issuer
  rewrite ^/openidserver/.* /index.pl last;

  # OpenID Connect Issuer
  rewrite ^/oauth2/.* /index.pl last;
  rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;

  # DEBIAN
  # If install was made with USEDEBIANLIBS (official releases), uncomment this
  #location /javascript/ {
  #  alias /usr/share/javascript/;
  #}
}