server {
	listen			80;

	location / {
		  return 301 https://$host$request_uri;
	}
}

server {
	listen		443 ssl http2;
	server_name  	example.com www.example.com;
	root         	/usr/share/nginx/www;
  	index  		index.html;

	charset		utf-8;
    	access_log  	/var/log/host_access.log;
    	error_log	/var/log/host_error.log;

	ssl_protocols		  TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers  		  HIGH:!aNULL:!MD5;
	ssl_certificate		  /ssl/cert_example.crt;
	ssl_certificate_key	  /ssl/example.key;
	ssl_session_cache   	  shared:SSL:10m;
    	ssl_session_timeout 	   10m;
    	ssl_prefer_server_ciphers  on;
    	http2_chunk_size 8k;
    
    location / {
    	include naxsi.rules;
    }

    location ~* ^(.+\.php)(.*)$ {
    	fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    	include /etc/nginx/fastcgi.conf;

    	if (!-f $document_root$fastcgi_script_name) {
        		return 404;
    	}

    	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    	fastcgi_temp_path /var/cache/nginx/fastcgi_temp 1 2;
    	fastcgi_pass 127.0.0.1:9000;
        fastcgi_buffering on;
    	fastcgi_buffer_size 8k;
    	fastcgi_buffers 8 8k;
    	fastcgi_busy_buffers_size 8k;
    }

    location ~* \.(css|png|…)$ {
            expire max;
        }
}