server {
	listen 80 default_server;
	listen [::]:80 default_server;

	root /var/www/wiki;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm;

	server_name localhost;

	access_log /var/log/nginx/wiki-access.log;
	error_log /var/log/nginx/wiki-error.log;

	# Activate HSTS (HTTP Strict Transport Security)
	# Note: reinclude if in a location a header is set
	include snippets/hsts.conf;

	# Allow favicon.ico, robots.txt, .well-known/
	# Deny *.txt, *.log, .*/*.php, .*, *.json, .lock, *.ht
	include snippets/allowed.conf;
	include snippets/denied.conf;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
		error_page 404 = @mediawiki;
	}
	# Rewrite for Short-URL
	location @mediawiki {
		rewrite ^/wiki([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	#	# With php7.2-fpm:
		fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	}
	
	# Disable php in /images/ (security)
	location ^~ /images/ {
		#Served like static files
	}
	# Deny access to deleted images folder
	location ^~ /images/deleted/ {
		deny all;
	}
	# Deny access to MediaWiki dirs
	location ^~ /cache/ { deny all; }
	location ^~ /languages/ { deny all; }
	location ^~ /maintenance/ { deny all; }
	location ^~ /serialized/ { deny all; }
	location ^~ /mw-config/ { deny all; }
	# Deny .svn and .git
	location ~ /.(svn|git)(/|$) { deny all; }
}