nginx_ssl.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;
daemon off;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

  upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php5-fpm.sock;
}

  server {
          listen 80;
          server_name cloud.example.com;
          return 301 https://$server_name$request_uri;  # enforce https
  }

  server {
          listen 443 ssl;
          
         ssl_certificate -x-replace-cert-x-;
         ssl_certificate_key -x-replace-key-x-; 

          # Path to the root of your installation
          root /var/www/;

          client_max_body_size 10G; # set max upload size
          fastcgi_buffers 64 4K;

          rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
          rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
          rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

          index index.php;
          error_page 403 /core/templates/403.php;
          error_page 404 /core/templates/404.php;

          location = /robots.txt {
              allow all;
              log_not_found off;
              access_log off;
          }

          location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
                  deny all;
          }

          location / {
                  # The following 2 rules are only needed with webfinger
                  rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                  rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

                  rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                  rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

                  rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

                  try_files $uri $uri/ index.php;
          }

          location ~ \.php(?:$|/) {
                  fastcgi_split_path_info ^(.+\.php)(/.+)$;
                  include fastcgi_params;
                  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                  fastcgi_param PATH_INFO $fastcgi_path_info;
                  fastcgi_param HTTPS on;
                  fastcgi_pass php-handler;
          }

          # Optional: set long EXPIRES header on static assets
          location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
                  expires 30d;
                  # Optional: Don't log access to assets
                  access_log off;
          }

  }
}