server {
	listen 80;
	server_name dominio.ufrj.br;
	return 301 https://$server_name$request_uri;
}
 
server {
	listen 443 ssl;
	server_name dominio.ufrj.br;
	root /var/www/html/owncloud;
 
        ssl_certificate     /etc/pki/tls/certs/dominio.ufrj.br.crt;
	ssl_certificate_key /etc/pki/tls/private/dominio.ufrj.br.key;
	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!SSLv3:!SSLv2;
	ssl_prefer_server_ciphers on;
 
	## Strict Transport Security header for enhanced security. See
	## http://www.chromium.org/sts.
	add_header Strict-Transport-Security "max-age=15768000";
 
	client_max_body_size 1G; # set max upload size
	fastcgi_buffers 64 4K;
 
	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
 
	index index.php;
	error_page 403 = /core/templates/403.php;
	error_page 404 = /core/templates/404.php;
 
	location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
		deny all;
	}
 
	location / {
		# The following 2 rules are only needed with webfinger
		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
 
		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
 
		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
 
		try_files $uri $uri/ index.php;
	}
 
	location ~ ^(.+?\.php)(/.*)?$ {
		try_files $1 = 404;
 
		include fastcgi_params;
		fastcgi_param HTTPS on;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_pass 127.0.0.1:9000;
		#fastcgi_pass unix:/var/run/php5-fpm/oc.sock;
	}
 
	# Optional: set long EXPIRES header on static assets
	location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
		expires 30d;
		# Optional: Don't log access to assets
		access_log off;
	}
}