server {
    listen 80;
    server_name dominio.ufrj.br;
    return 302 https://dominio.ufrj.br$request_uri;
} 
 
server {
    listen 443 ssl; 
 
    server_name dominio.ufrj.br;
 
    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 75 75;
 
    ## Access and error logs.
    access_log /var/log/nginx/dominio.access.log;
    error_log /var/log/nginx/dominio.error.log;
 
    ## See the keepalive_timeout directive in nginx.conf.
    ssl_certificate         /etc/ssl/localcerts/dominio.ufrj.br.crt;
    ssl_certificate_key     /etc/ssl/private/dominio.ufrj.br.key;
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers             EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!SSLv3:!SSLv2;
    ssl_prefer_server_ciphers on;
 
    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts.
    add_header Strict-Transport-Security "max-age=15768000";
 
    root /usr/share/redmine/public;
    index index.html;
 
    ## See the blacklist.conf file at the parent dir: /etc/nginx.
 
    ## All static files will be served directly.
    location ~* ^.+\.(?:css|js|jpe?g|gif|htc|ico|png|html)$ {
        access_log off;
        expires 30d;
        ## No need to bleed constant updates. Send the all shebang in one
        ## fell swoop.
        tcp_nodelay off;
        ## Set the OS file cache.
        open_file_cache max=3000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }
 
    ## Support for favicon. Return an 1x1 transparent GIF if it doesn't
    ## exist.
    location = /favicon.ico {
        expires 30d;
        try_files /favicon.ico @empty;
    }
 
    ## Return an in memory 1x1 transparent GIF.
    location @empty {
        expires 30d;
        empty_gif;
    }
 
    ## Protect .git files.
    location ^~ /.git {
        return 404;
    }
} 

server {
    server_name dominio.ufrj.br;
    root /srv/www/dominio.ufrj.br/site; 
    access_log /var/log/nginx/access.dominio.ufrj.br.log;
    error_log /var/log/nginx/error.dominio.ufrj.br.log;
 
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
 
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
 
    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        #allow 192.168.0.0/16;
        deny all;
    }
 
    location ~ \..*/.*\.php$ {
        return 403;
    }
 
    location ~ ^/sites/.*/private/ {
        return 403;
    }
 
    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
        return 403;
    }
 
    location / {
        # try_files $uri @rewrite; # For Drupal <= 6
        try_files $uri /index.php?$query_string; # For Drupal >= 7
    }
 
    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }
 
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/srv/www/dominio.ufrj.br/php-fpm.sock;
    }
 
    # Fighting with Styles? This little gem is amazing.
    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
    location ~ ^/sites/.*/files/styles/ { # For Drpal >= 7
        try_files $uri @rewrite;
    }
 
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}