Srokap/elgg Secret

## elgg

server {
	listen 80;
	#listen 443;
	server_name v.srokap.pl;
	rewrite ^ https://$server_name$request_uri? permanent;
	#rewrite ^ http://$server_name$request_uri? permanent;
}

server {
	listen 443;
	#listen 80;
	server_name v.srokap.pl;

	root /var/www/html;
	index index.php index.html index.htm;

	ssl on;
	ssl_certificate /var/www/certs/v.srokap.pl.crt;
	ssl_certificate_key /var/www/certs/v.srokap.pl_nopass.key;

	ssl_session_cache   builtin:1000 shared:SSL:10m;
	ssl_session_timeout 10m;

	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	#ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA;

	ssl_prefer_server_ciphers on;

	location ~ (^\.|/\.) {
		return 403;
	}

	location /cache {
		rewrite ^/cache\/(.*)$ /engine/handlers/cache_handler.php?request=$1&$query_string;
	}

	location /export {
		rewrite ^/export\/([A-Za-z]+)\/([0-9]+)\/?$ /engine/handlers/export_handler.php?view=$1&guid=$2;
		rewrite ^/export\/([A-Za-z]+)\/([0-9]+)\/([A-Za-z]+)\/([A-Za-z0-9\_]+)\/$ /engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4;
	}

	location = /rewrite.php {
		rewrite ^(.*)$ /install.php;
	}

	location / {
		try_files $uri $uri/ /index.php?__elgg_uri=$uri&$query_string;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	#
	#	# With php5-cgi alone:
	#	fastcgi_pass 127.0.0.1:9000;
	#	# With php5-fpm:
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}
}

	server {
	listen 80;
	#listen 443;
	server_name v.srokap.pl;
	rewrite ^ https://$server_name$request_uri? permanent;
	#rewrite ^ http://$server_name$request_uri? permanent;
	}

	server {
	listen 443;
	#listen 80;
	server_name v.srokap.pl;

	root /var/www/html;
	index index.php index.html index.htm;

	ssl on;
	ssl_certificate /var/www/certs/v.srokap.pl.crt;
	ssl_certificate_key /var/www/certs/v.srokap.pl_nopass.key;

	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_session_timeout 10m;

	ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
	#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
	#ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA;

	ssl_prefer_server_ciphers on;

	location ~ (^\.\|/\.) {
	return 403;
	}

	location /cache {
	rewrite ^/cache\/(.*)$ /engine/handlers/cache_handler.php?request=$1&$query_string;
	}

	location /export {
	rewrite ^/export\/([A-Za-z]+)\/([0-9]+)\/?$ /engine/handlers/export_handler.php?view=$1&guid=$2;
	rewrite ^/export\/([A-Za-z]+)\/([0-9]+)\/([A-Za-z]+)\/([A-Za-z0-9\_]+)\/$ /engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4;
	}

	location = /rewrite.php {
	rewrite ^(.*)$ /install.php;
	}

	location / {
	try_files $uri $uri/ /index.php?__elgg_uri=$uri&$query_string;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
	#
	# # With php5-cgi alone:
	# fastcgi_pass 127.0.0.1:9000;
	# # With php5-fpm:
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	include fastcgi_params;
	}
	}