# Nginx basic configuration
# Features
# * HTTPS only
# * PHP fastcgi

user http http;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#error_log  logs/debug.log  debug;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    root          /srv/http/;
    include       mime.types;
    default_type  application/octet-stream;

# 
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

# Redirect insecure connections to secure one
    server {
        listen 80;
        server_name %HOSTNAME%;

        rewrite ^(.*) https://$server_name$1 permanent;
    }

    # HTTPS server
    #
    # Install scripts should change %HOSTNAME% into real hostname
    server {
        listen       443 default ssl;
        server_name  %HOSTNAME%;
        root /srv/http/%HOSTNAME%;

        #ssl                  on;
        ssl_certificate      /etc/ssl/certs/local.crt;
        ssl_certificate_key  /etc/ssl/private/local.key;


        location / {
            index  index.html index.htm index.php;
        }

        location ~ \.(php|inc)$ {
            include        fastcgi_params;
            fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /srv/http/%HOSTNAME%/$fastcgi_script_name;
        }
    }
}