{% set domain_name      = item.nginx_domain_name %}
{% set domain_aliases   = item.nginx_domain_aliases | default("") %}

server {
    listen 80;

    root {{ nginx_root_prefix }}/{{ domain_name }};

    server_name {{ domain_name }} {{ domain_aliases }};

    index index.php index.html;

    access_log  /var/log/nginx/{{ domain_name }}-access.log;
    error_log   /var/log/nginx/{{ domain_name }}-error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        # Zero-day exploit defense.
        # http://forum.nginx.org/read.php?2,88845,page=3
        # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
        try_files $uri =404;

        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;
        fastcgi_index index.php;
        # set script path relative to document root in server block
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}