server {
  listen 80;
  listen [::]:80;

  # FIXME: change domain name here (and also make sure you do the same in the next 'server' section)
  server_name social.example.org;

  # redirect all traffic to HTTPS
  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  # Use HTTPS. Seriously. Set it up with a cert (any cert) before you run the install.
  listen 443 ssl;

  # Server name
  # Change "social.example.org" to your site's domain name
  server_name social.example.org;

  # SSL
  # Uncomment and change the paths to setup
  # your SSL key/cert. See https://cipherli.st/
  # for more information
  ssl_certificate       ssl/certs/social.example.org.crt;
  ssl_certificate_key   ssl/private/social.example.org.key;

  # Logs
  # Uncomment and change the paths to setup
  # logging
  #access_log /path/to/access.log;
  #error_log  /path/to/error.log;

  # Root
  # Change the path below to where you installed
  # GNU social
  root /path/to/gnusocial/root;

  # Index
  index index.php;

  # PHP
  location ~ \.php {
    include snippets/fastcgi-php.conf;

    # This should be the same value as in your (optional) /etc/php5/fpm/pool.d/$server.conf
    fastcgi_pass unix:/var/run/php5-fpm.sock;

    # Remove the "fastcgi_pass" line above and uncomment
    # the one below to use TCP sockets instead of Unix sockets
    #fastcgi_pass 127.0.0.1:9000;
  }

  # Location
  location / {
    try_files $uri $uri/ @gnusocial;
  }

  # Fancy URLs
  location @gnusocial {
    rewrite ^(.*)$ /index.php?p=$1 last;
  }

  # Restrict access that is unnecessary anyway
  location ~ /\.(ht|git) {
    deny all;
  }
}