{{ nextcloud_fqdn }} {
  root * /var/www/html/nextcloud
  file_server
    route {
    # Add trailing slash for directory requests
    @canonicalPath {
      file {path}/index.php
      not path */
    }
    redir @canonicalPath {path}/ 308

    # CUSTOM ADDITION TO php_fastcgi
    # Remove trailing slashes from dav protocols
    @trailingSlashDavPath {
      path_regexp davslash /((?:remote|public)\.php/(?:web|cal|card)?dav(?:/[^/]+)?)(?:/+)$
    }
    rewrite @trailingSlashDavPath /{re.davslash.1}

    # If the requested file does not exist, try index files
    @indexFiles file {
      try_files {path} {path}/index.php index.php
      split_path .php
    }
    rewrite @indexFiles {http.matchers.file.relative}

    # Proxy PHP files to the FastCGI responder
    @phpFiles path *.php
    # Host port 9001 is mapped to nextcloud's 9000, for container'd caddy use <container_name>:9000
    reverse_proxy @phpFiles unix//var/opt/remi/php{{ php_version }}/run/php-fpm/www.sock {
      transport fastcgi {
        split .php
        # CUSTOM ADDITION TO php_fastcgi
        # CUSTOM ADDITION TO php_fastcgi - not really working
        # env front_controller_active true
      }
    }
  }

  redir /.well-known/carddav /remote.php/dav permanent
  redir /.well-known/caldav /remote.php/dav permanent
  redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo permanent
  redir /.well-known/webfinger /index.php/.well-known/webfinger permanent

  encode gzip
  {% if cert_path is defined and key_path is defined %}
  tls /etc/caddy/{{ cert_name }}.crt /etc/caddy/{{ cert_name }}.key
  {% endif %}

  header {
    -Server
    -X-Powered-By
    Permissions-Policy interest-cohort=()
    X-Content-Type-Options "nosniff"
    X-Robots-Tag "noindex, nofollow"
    X-Download-Options "noopen"
    X-Permitted-Cross-Domain-Policies "none"
    Referrer-Policy "no-referrer"
    X-Frame-Options "SAMEORIGIN"
    X-XSS-Protection "1; mode=block"
    Strict-Transport-Security "max-age=15552001"
  }

  @blocked_locations {
	  path_regexp (^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/))|(^/(?:\.|autotest|occ|issue|indie|db_|console))
  }

  route @blocked_locations {
	  error * "Not found" 404
  }

  log {
    output file /var/log/caddy/{{ cert_name }}-access.log
  }
}
