server {
    # SLB IP
    listen 213.180.204.24:443 ssl;
    listen [2a02:6b8::24]:443 ssl;

    # Server IP
    listen [1::2:3:4]:443 ssl;
    listen 127.0.0.1:443 ssl;
    listen [::1]:443 ssl;

    server_name magic.passport.yandex.az magic.passport.yandex.by magic.passport.yandex.co.il magic.passport.yandex.com magic.passport.yandex.com.am magic.passport.yandex.com.ge magic.passport.yandex.com.tr magic.passport.yandex.ee magic.passport.yandex.eu magic.passport.yandex.fi magic.passport.yandex.fr magic.passport.yandex.kg magic.passport.yandex.kz magic.passport.yandex.lt magic.passport.yandex.lv magic.passport.yandex.md magic.passport.yandex.pl magic.passport.yandex.ru magic.passport.yandex.tj magic.passport.yandex.tm magic.passport.yandex.ua magic.passport.yandex.uz;
    root /srv;

    ssl_certificate             /etc/nginx/certs/magic.passport.yandex.ru.crt;
    ssl_certificate_key         /etc/nginx/certs/magic.passport.yandex.ru.key;
    ssl_session_cache           shared:SSL:256m;
    ssl_session_timeout         28h;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                 kEECDH+AES128:kEECDH:-3DES:kRSA+AES128:DES-CBC3-SHA:!kEDH:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers   on;

    add_header Strict-Transport-Security "max-age=315360000; includeSubDomains";

    set $global_request_id $request_id;

    location = /robots.txt {
        root /usr/lib/yandex/yandex-passport-magic-qr-frontend;
    }

    location / {
        proxy_pass http://127.0.0.1:4000;
        proxy_set_header X-Request-Id $global_request_id;
        proxy_set_header Host $host;
        proxy_set_header X-Real-Scheme $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
