server {
        listen 80;
        listen [::]:80;
        server_name radioweb.machin.com;

        # Renvoi vers le port 443
        location / {
                return 301 https://$server_name$request_uri;
        }
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name radioweb.machin.com;

        index index.php index.html;

        root /website;

        # En avant pour SSL :)
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_session_cache       shared:SSL:4m;
        ssl_session_timeout     1440m;
        ssl_stapling            on;
        ssl_stapling_verify     on;

        resolver                8.8.8.8 8.8.4.4;

        add_header              Strict-Transport-Security max-age=31536000;

        ssl_certificate /etc/letsencrypt/live/radioweb.machin.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/radioweb.machin.com/privkey.pem;

        # SSL fini !

        # Updates Icecast
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        location /monstream {
                proxy_pass http://127.0.0.1:60000/monstream;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Connection '';
        }

        location ~ \.php$ {

                # MINIMUM FONCTIONNEL PHP
                fastcgi_pass unix:/var/run/php/php-fpm.sock;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include snippets/fastcgi-php.conf;
                fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
                # /MINIMUM FONCTIONNEL PHP

                # PETIT PLUS PERIGLIONI
                fastcgi_read_timeout 300;
                # /PETIT PLUS PERIGLIONI
        }
}