server {
    listen 80;
    listen [::]:80;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    server_name mpgram;

    root  /var/www/mpgram;

    access_log /var/log/nginx/mpgram-access.log;
    error_log /var/log/nginx/mpgram-error.log;

    location / {
        index index.html index.htm index.php;
    }

    location ~ (/s/|MadelineProto.log) {
      deny all;
    }

    location ~ \.php$ {
        # 404
        try_files $fastcgi_script_name =404;

        include fastcgi_params;

        fastcgi_pass app-upstream;

        fastcgi_index index.php;
        fastcgi_send_timeout 21600;
        fastcgi_read_timeout 21600;

        # make SERVER_NAME behave same as HTTP_HOST
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param SERVER_NAME $host;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }


    error_page 404 /404.html;

    location /404.html {}
}