server {
	set $app_env "dev";
        listen sistema.m22apps.es:80;

	listen sistema.m22apps.es:443 ssl http2;
	server_name sistema.m22apps.es;

        ssl_certificate      /opt/bitnami/certs/server.crt;
        ssl_certificate_key  /opt/bitnami/certs/server.key;

        ssl_session_cache    shared:SSL:1m;

        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers  on;

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;


        root /app/public;
	#access_log  off;
        #error_log /LOGS/web/pv_error.log error;

        sendfile off;

        index index.php;

	real_ip_header X-Forwarded-For;
	set_real_ip_from 172.17.0.0/16;

        set $cache_control_header "public, max-age=31536008, s-maxage=31536008";
        set $cache_static_expires 2678408;
        set $cache_control_header_dynamic "max-age=5, s-maxage=5";
        set $cache_dynamic_expires 5;

        if ($http_cookie ~* "wordpress_logged_in_[^=]*=([^%]+)%7C") {
		set $cache_uri "no cache";
                set $cache_control_header "public, max-age=0, s-maxage=0";
                set $cache_control_header_dynamic "max-age=0, s-maxage=0";
                set $cache_dynamic_expires 0;
        }

        if ($request_uri ~* "/(backend|admin)"){
                set $cache_uri "no cache";
                set $cache_control_header "public, max-age=0, s-maxage=0";
                set $cache_control_header_dynamic "max-age=0, s-maxage=0";
                set $cache_dynamic_expires 0;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
		add_header Cache-Control $cache_control_header;
		try_files $uri $uri/ /index.php?$args;
                proxy_set_header X-Real-IP  $remote_addr;
	        proxy_set_header X-Forwarded-For $remote_addr;
	        proxy_set_header X-Forwarded-Proto https;
	        proxy_set_header X-Forwarded-Port 443;
        	proxy_set_header X-Forwarded-Host $remote_addr;
	        proxy_set_header Host $host;
        }


        location ~ \.php$ {
        	default_type text/html;
        	add_header Cache-Control $cache_control_header_dynamic;
		expires $cache_dynamic_expires;
        	try_files $uri =404;
        	fastcgi_split_path_info ^(.+\.php)(/.+)$;
        	fastcgi_pass phpfpm:9000;
        	fastcgi_index index.php;
		fastcgi_buffers 16 16k; 
		fastcgi_buffer_size 32k;
        	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param HTTPS on;
		include fastcgi_params;
        }

        location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
		add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

		add_header Cache-Control $cache_control_header;
                expires $cache_static_expires;
                log_not_found off;
                sendfile on;
                sendfile_max_chunk 512k;
        }

}