server {
    listen 80;
    server_name {{ common_name }};
    rewrite ^ https://{{ common_name }}\$request_uri?;
}

server {
    root /var/www/html;
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    listen 443 ssl;
    server_name $NAME;
    client_max_body_size 10G;
    ssl_certificate {{certificate_path}};
    ssl_certificate_key {{key_path}};
    ssl_client_certificate {{authority_path}};

    # Uncomment following to enable mutual authentication with certificates
    #ssl_crl {{revocations_path}};
    #ssl_verify_client on;

    location ~ \.php\$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param REMOTE_USER \$ssl_client_s_dn_cn;
        include fastcgi_params;
    }
}