server {
    listen 80;
    server_name {{const.FQDN}};
    rewrite ^ https://{{const.FQDN}}$request_uri?;
}

server {
    root /var/www/html;
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    listen 443 ssl;
    server_name {{const.FQDN}};
    client_max_body_size 10G;
    ssl_certificate {{certificate_path}};
    ssl_certificate_key {{key_path}};
    ssl_client_certificate {{authority_path}};
    ssl_crl {{revocations_path}};
    ssl_verify_client {{verify_client}};

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param REMOTE_USER $ssl_client_s_dn_cn;
        include fastcgi_params;
    }
}