gistfile1.txt

server {
        listen 443 http2 ssl;
        server_name konesola.22.fi;

        ssl_certificate /etc/letsencrypt/live/somedomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/somedomain.com/privkey.pem;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        add_header X-XSS-Protection 0 always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options DENY always;

        root /home/somedomain/public_html;

        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 16k;

        # Add index.php to the list if you are using PHP
        index index.php;

        # Security, sort of, should be in a map and in if ()..
        location ~ /\.git {
                deny all;
        }

        location / {
                try_files $uri $uri/ /__wp__/$uri /__wp__/$uri/ @index;
        }
        location ~ \.php$ {
                try_files $uri /__wp__/$uri @index;
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
        location @index {
                include snippets/fastcgi-php.conf;
                fastcgi_param  SCRIPT_FILENAME    $document_root/__wp__/index.php;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                try_files $uri /__wp__/$uri @index;
        }

        # WordPress is stupid
        location = /wp-admin {
                rewrite ^ /wp-admin/ permanent;
        }

        location = / {
                rewrite ^ /__wp__/index.php$is_args$args last;
        }
        location ^~ /__wp__/ {
                rewrite ^/__wp__/(.*)$ $1$is_args$args last;
        }
}