# https://www.howtoforge.com/tutorial/install-letsencrypt-and-secure-nginx-in-debian-9/
# NOT USED
server {
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  server_name  www.yourdomain.com yourdomain.com;
  #server_name _;

  root /var/www/html;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  #SSL Certificates
  ssl_certificate "/etc/letsencrypt/live/www.yourdomain.com/cert.pem";
  ssl_certificate_key "/etc/letsencrypt/live/www. yourdomain.com/privkey.pem";
  ssl_dhparam /etc/nginx/dhparam.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  add_header Strict-Transport-Security "max-age=31536000;
  #includeSubDomains" always;

  location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args $uri/ =404;
  }

  set $cache_uri $request_uri;

  location ~ /.well-known {
    allow all;
  }

  # pass PHP scripts to FastCGI server
  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  location ~ /\.ht {
    deny all;
  }

}