server {
    server_name _;
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        return 301 https://$host$request_uri;
    }

    location /.well-known/acme-challenge/ {
        alias /acme-challenge/;
    }
}

server {
    server_name _;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:3DES:AES128:kEDH+3DES:kRSA+AES128:!EDH-RSA-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;

    ssl_certificate      /etc/nginx/ssl/ssl.pem;
    ssl_certificate_key  /etc/nginx/ssl/ssl.pem;

    ssl_session_cache shared:SSL:64m;
    ssl_session_timeout 12h;

    keepalive_timeout 120 120;

    root /app/public;

    location / {
        rewrite ^ /index.php;
    }

    location = /yandex-manifest.json {
        root /app/public;
    }

    location = /robots.txt {
        root /app/public;
    }

    location ~ ^/index.php$ {
        fastcgi_pass 	127.0.0.1:9000;

        include         fastcgi.conf;
        fastcgi_param   PATH_INFO $uri;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

    location /static/ {
        alias /app/public/static/;
    }
}
