server {
        server_name webmail.mydomain.com;
        listen 443 ssl;

        index index.php;

        root /home/web/snappymail/frontend;

        access_log /var/log/nginx/webmail.mydomain.com_access_log main;
        error_log /var/log/nginx/webmail.mydomain.com_error_log info;

        location ~ /.*\.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
                fastcgi_pass 127.0.0.1:9000;
        }

        # Security headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Robots-Tag "none" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        fastcgi_hide_header X-Powered-By;

        index index.php;

        location ~ (^|/)\. {
                return 403;
        }

        location ~ ^/data/ {
            deny all;
        }
}