server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    root /var/www/fic2014-server/htdocs/;

    access_log /var/log/nginx/fic.access_log;
    error_log /var/log/nginx/fic.error_log;

    ssl_certificate		/var/www/fic2014-server/misc/server.crt;
    ssl_certificate_key		/var/www/fic2014-server/misc/server.key;
    ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers	on;
    ssl_ciphers			ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
    ssl_client_certificate	/var/www/fic2014-server/misc/pki/cacert.crt;
    ssl_verify_client		on;
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

    location /
    {
	default_type text/html;
        if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
        {
	    return 401;	
        }

        if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1/") {
            root /var/www/fic2014-server/htdocs/connected/166$1;

	    rewrite ^/submission-([0-9]+)-([0-9]+).html$ /submission.php?team=166&theme=$1&exercice=$2 last;
        }
    }

    location ~* \favicon.ico$ {
        access_log off;
        expires 1d;
        add_header Cache-Control public;
    }

    location ~ ^/(img|js|css)/ {
        access_log off;
        expires 7d;
        add_header Cache-Control public;
    }

    location ~ /(\.ht|\.git|\.svn|\.onyx) {
        return 403;
    }

    location /submission.php
    {
	root	      /var/www/fic2014-server/;
        include       /etc/nginx/fastcgi.conf;
        fastcgi_pass  unix:/var/run/fastcgi/php-fpm.sock;
	break;
    }

}