limit_req_zone $binary_remote_addr zone=ddlimit:10m rate=1r/m;
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name devicedetector.lw1.at;
    access_log /var/log/nginx/devicedetector.lw1.at.access.log;
    error_log /var/log/nginx/devicedetector.lw1.at.error.log;

    ssl_certificate /etc/letsencrypt/live/devicedetector.lw1.at/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/devicedetector.lw1.at/privkey.pem;
    root /var/www/devicedetector/public/;

    index index.html;

    location / {
        try_files $uri $uri/index.html /index.html;

        rewrite ^([^.]*[^/])$ $1/ permanent;
        rewrite /detect/ /ua.php last;
        rewrite /supported/ /supported.php last;
    }

    location ~ \.php$ {
        limit_req zone=ddlimit burst=20 nodelay;
        limit_req_status 429;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }

    location ~* \.(?:ico|css|js|gif|jpe?g|png|woff|woff2|svg)$ {
        expires 12h;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
    location ~* \.(html)$ {
        add_header Cache-Control "must-revalidate";
    }
}

# vim: filetype=nginx