server_tokens off;
client_header_buffer_size 512;
client_max_body_size 512;

server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    root /var/www/fic2014-server/htdocs/;

    server_tokens off;

    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;

    ssl_certificate		/var/www/fic2014-server/misc/server.crt;
    ssl_certificate_key		/var/www/fic2014-server/misc/server.key;
    ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers	on;
    ssl_ciphers			ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    ssl_client_certificate	/var/www/fic2014-server/misc/pki/cacert.crt;
    ssl_verify_client		optional;
    ssl_crl			/var/www/fic2014-server/misc/pki/crl.pem;	

    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

    error_page 400 /errors/400/index.html;
    error_page 403 /errors/403/index.html;
    error_page 404 /errors/404/index.html;
    error_page 413 414 /errors/413/index.html;
    error_page 500 503 /errors/500/index.html;
    error_page 502 504 /errors/502/index.html;

    location /
    {
	default_type text/html;
	expires epoch;

	set $team 0;

        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=bombal_s/") { set $team 161; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_1/") { set $team 166; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_2/") { set $team 167; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_3/") { set $team 168; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_4/") { set $team 169; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_5/") { set $team 170; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_6/") { set $team 171; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_7/") { set $team 172; }
        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Groupe_8/") { set $team 173; }

	if ($team) {
            root /var/www/fic2014-server/teams/$team$1;
	    rewrite ^/([0-9]+-?[a-zA-Z0-9_-]*)/([a-zA-Z0-9_]+)/submission$ /submission.php?team=$team&theme=$1&exercice=$2 last;
        }
	if ($team = 0) {
	    root /var/www/fic2014-server/htdocs/;
	}
    }

    location /errors
    {
	root /var/www/fic2014-server/;
    }

    location /connected
    {
        return 403;
    }

    location /files
    {
        root /var/www/fic2014-server/;

    	aio on;
    	directio 512;
    	output_buffers 1 128k;
    }

    location ~* \favicon.ico$ {
	root /var/www/fic2014-server/htdocs/;
        access_log off;
        expires 1d;
        add_header Cache-Control public;
    }

    location ~ ^/(assets|img|js|css|fonts)/ {
	root /var/www/fic2014-server/htdocs/;
        access_log off;
        expires 7d;
        add_header Cache-Control public;
    }

    location ~ /(\.ht|\.git|\.svn|\.onyx) {
        return 403;
    }

    location /submission.php
    {
	root	      /var/www/fic2014-server/;

    	limit_rate       1k;

        include       /etc/nginx/fastcgi.conf;
        fastcgi_pass  unix:/var/run/php-fpm.sock;
	break;
    }
}