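# HTTPS virtual host serving DokuWiki from /var/www/wiki.example.com via PHP-FPM.
server {
    # NOTE(review): the `spdy` listen parameter was replaced by `http2` in
    # nginx 1.9.5; switch it when the installed nginx is upgraded.
    listen 443 ssl spdy;

    # `ssl on;` was dropped: `listen ... ssl` already enables TLS for this
    # socket and the standalone directive is deprecated.

    # Tell browsers to use HTTPS only for one year, and forbid framing.
    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options "DENY";

    server_name wiki.example.com;
    root /var/www/wiki.example.com;
    charset utf-8;
    gzip on;

    ssl_certificate /etc/nginx/wiki.example.com.pem;
    # The private key should be readable by root only.
    ssl_certificate_key /etc/nginx/wiki.example.com.key;
    ssl_session_timeout 5m;
    ssl_session_cache builtin:1000 shared:SSL:10m;

    # SSLv3 (POODLE) and the deprecated TLSv1/TLSv1.1 are no longer offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL support it.
    ssl_protocols TLSv1.2;

    # Same ECDHE/AES suites and order as before; every RC4 suite was removed
    # because RC4 is prohibited for TLS (RFC 7465).
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
    ssl_prefer_server_ciphers on;

    location / {
        index doku.php;
        try_files $uri $uri/ @dokuwiki;
    }

    # DokuWiki "nice URL" rewrites.
    location @dokuwiki {
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/tag/(.*) /doku.php?id=tag:$1&do=showtag&tag=tag:$1 last;
        rewrite ^/(.*) /doku.php?id=$1 last;
    }

    # Regex locations are tried in the order they appear and the first match
    # wins, so the deny rules must come before the PHP handler. Otherwise a
    # request for a .php file under data/, conf/, bin/ or inc/ would be passed
    # to PHP-FPM instead of being refused.
    location ~ /(data|conf|bin|inc)/ {
        deny all;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    location ~ /\.ht {
        deny all;
    }

    # Deny access to hidden files
    # NOTE(review): this also covers /.well-known/; add an explicit exception
    # if ACME HTTP-01 validation is served from this vhost.
    location ~ /\. {
        deny all;
    }

    # pass the PHP scripts to FastCGI server listening on unix:/var/run/php5-fpm.sock
    location ~ \.php$ {
        # Only hand existing .php files to PHP-FPM; a non-existent script path
        # returns 404 instead of letting PHP resolve it against a parent path.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
        # NOTE(review): forwards the backend's X-Accel-Redirect header to the
        # client; confirm this is actually required.
        fastcgi_pass_header X-Accel-Redirect;
    }
}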