server {
  listen 192.168.200.1:80;
  server_name wiki.rpi www.wiki.rpi;
  # enforce https
  return 301 https://$server_name$request_uri;
}

server {
  listen 192.168.200.1:443 ssl;
  server_name wiki.rpi www.wiki.rpi;

  ssl_certificate /etc/nginx/ssl/wiki.rpi/ssl.crt;
  ssl_certificate_key /etc/nginx/ssl/wiki.rpi/ssl.key;

	#ssl conf from dev
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;



  # Path to the root of your installation
  root /var/www/wiki.rpi/public;

  # set max upload size
  client_max_body_size 1G;
  fastcgi_buffers 64 4K;

  gzip on;

  index index.php index.html;


    # Default location
    location / {
        try_files $uri $uri/;
    }

  # Deny access to hidden files
    location ~* /\. {
    deny            all;
    }

    location ~ /data/ {
        internal;
    }

    # PHP
    location ~ \.php$ {
        try_files               $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass            unix:/run/wiki.php5-fpm.sock;
	fastcgi_param 		HTTPS on;
        fastcgi_index           index.php;
        fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include                 fastcgi_params;
	}
}