--- /dev/null
+server {
+ listen 80;
+ listen [::]:80;
+
+ # FIXME: change domain name here (and also make sure you do the same in the next 'server' section)
+ server_name social.example.org;
+
+ # redirect all traffic to HTTPS
+ rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+ # Use HTTPS. Seriously. Set it up with a cert (any cert) before you run the install.
+ listen 443 ssl;
+
+ # Server name
+ # Change "social.example.org" to your site's domain name
+ server_name social.example.org;
+
+ # SSL
+ # Uncomment and change the paths to setup
+ # your SSL key/cert. See https://cipherli.st/
+ # for more information
+ ssl_certificate ssl/certs/social.example.org.crt;
+ ssl_certificate_key ssl/private/social.example.org.key;
+
+ # Logs
+ # Uncomment and change the paths to setup
+ # logging
+ #access_log /path/to/access.log;
+ #error_log /path/to/error.log;
+
+ # Root
+ # Change the path below to where you installed
+ # GNU social
+ root /path/to/gnusocial/root;
+
+ # Index
+ index index.php;
+
+ # PHP
+ location ~ \.php {
+ include snippets/fastcgi-php.conf;
+
+ # This should be the same value as in your (optional) /etc/php5/fpm/pool.d/$server.conf
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+
+ # Remove the "fastcgi_pass" line above and uncomment
+ # the one below to use TCP sockets instead of Unix sockets
+ #fastcgi_pass 127.0.0.1:9000;
+ }
+
+ # Location
+ location / {
+ try_files $uri $uri/ @gnusocial;
+ }
+
+ # Fancy URLs
+ location @gnusocial {
+ rewrite ^(.*)$ /index.php?p=$1 last;
+ }
+
+ # Restrict access that is unnecessary anyway
+ location ~ /\.(ht|git) {
+ deny all;
+ }
+}
+