server {
    listen 80;
    server_name localhost;
    root /var/www/html/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    
    # Deny access to . files
    location ~ /\. {
        deny all;
    }

    # Deny access to sensitive folders explicitly if root wasn't public (safety net)
    location ~ ^/(app|docker|docs|routes|src|temp_debug)/ {
        deny all;
    }
}