# prevent HTTPoxy vulnerability
fastcgi_param HTTP_PROXY "";

location / {
    if ($http_x_forwarded_proto != "https") {
        return 301 https://$host$request_uri;
    }
    # try to serve file directly, fallback to rewrite
    try_files $uri @rewriteapp;
}

location @rewriteapp {
    # rewrite all to index.php
    rewrite ^(.*)$ /index.php$1 last;
}