# http всегда будет переадресовываться на https.
server {
        listen      80;
        server_name mail.example.com;
        rewrite     ^   https://$server_name$request_uri? permanent;
}

server {
        listen 443 ssl;
        server_name mail.example.com;
        root /var/www/mail.example.com;
        
        ssl                 on;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        # Путь до файла с SSL-сертификатом
        ssl_certificate     /etc/ssl/mail_example_com.crt;
        # Путь до файла с закрытым ключем
        ssl_certificate_key /etc/ssl/mail_example_com.key;
        ssl_prefer_server_ciphers on;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;

        keepalive_timeout   70;
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
        gzip off;

        index index.php;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
                include fastcgi_params;
                fastcgi_param HTTP_PROXY "";
                fastcgi_param HTTPS on;
                fastcgi_intercept_errors on;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
                access_log off;
        }

}