server updated

!information/previous/.env

+PROJECT=biuro-staging
+
+IMAGE_NGINX=nginx:1.15.7
+IMAGE_MYSQL=mariadb:10.3
+IMAGE_WORDPRESS=simoncereska/biuro-staging:0.0.3
+
+DB_NAME=staging_biuro
+DB_HOST=mysql
+DB_USERNAME=staging_user
+DB_PASSWORD=qzl8pMNV^gZ&c1!7ebVsXqQh
+DB_ROOT_PASSWORD=#w1ML4QfWaR*8dBYRL7aZJI$
+
+NGINX_NAME_LT=staging.biuro.lt
+NGINX_NAME_LV=staging.biuro.lv
+NGINX_NAME_EE=staging.biuro.ee

!information/previous/certs-data/.well-known/acme-challenge/-Y9wFToUitXAwd_AzdlWkm3RvUp_qrwoTiPJfi4-SCc

+-Y9wFToUitXAwd_AzdlWkm3RvUp_qrwoTiPJfi4-SCc.-vMlwrb8xE2YHOWynfF_5tlWgcnjKw84pPfShJR0vh4
\ No newline at end of file

!information/previous/certs-data/.well-known/acme-challenge/8ZXVNDTvpSeZGLjWMndtLtWfuKj19HPUQ-Lwo0K9RNQ

+8ZXVNDTvpSeZGLjWMndtLtWfuKj19HPUQ-Lwo0K9RNQ.-vMlwrb8xE2YHOWynfF_5tlWgcnjKw84pPfShJR0vh4
\ No newline at end of file

!information/previous/certs-data/.well-known/acme-challenge/NAiOwt5ZOwuEEIlarWTQzx6KMM-cbNo9UMDIFPGolt4

+NAiOwt5ZOwuEEIlarWTQzx6KMM-cbNo9UMDIFPGolt4.-vMlwrb8xE2YHOWynfF_5tlWgcnjKw84pPfShJR0vh4
\ No newline at end of file

!information/previous/certs-data/.well-known/acme-challenge/YVm39PlJyqLxTqhU-pOINHMc57vM7csXiPOyY68ZFbo

+YVm39PlJyqLxTqhU-pOINHMc57vM7csXiPOyY68ZFbo.-vMlwrb8xE2YHOWynfF_5tlWgcnjKw84pPfShJR0vh4
\ No newline at end of file

!information/previous/certs/biuro.ee/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

!information/previous/certs/biuro.ee/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIFdTCCBF2gAwIBAgISA4ujuYPUr58GoShRiGmuAecTMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTMwNTU2MzJaFw0x
+OTAzMTMwNTU2MzJaMBMxETAPBgNVBAMTCGJpdXJvLmVlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA1kxA+f/1qSDIhiyxxDj0Lj+kt3zGig317MiuC6S5
+8aTqRrX+aQbMSuWhEkKAAgXg7apfr1xFmqGIv0aWcqH2vVQ+PHdGO4dnGdsdVVrA
+IdcVNekN/66PnfC5cf0NlsmwmiN/iPLykeGK0A3p8VCCwFFIfJ6YjtO6lJKkAvEb
+ucMKq1BIHUUDl1eSuz18H8frPqBQslStXToIWlmspIbb82uhOGBJYUYDppVfCMwv
+ODrcpBsQrEOQ0c2TbZeaeZ97t5nAJ3F5LF8b8IZxRCML5rTnHWhHU6qTCERXxEX4
+8oaVRlvBN5WeCCr7QWj3sSCI74Vzj+qjonC82XtwUqYhFwIDAQABo4ICijCCAoYw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTpgGUo7JOrkjuiYOLYQvbin0vPvTAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmVlggxkZXYuYml1cm8uZWWCEHN0YWdpbmcuYml1cm8u
+ZWWCDHd3dy5iaXVyby5lZTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AOJpS64m6OlACeiGG7Y7g9Q+5/50iPuk
+jyiTAZ3d8dv+AAABZ6ZaRFwAAAQDAEYwRAIgEKGNkSgVjgZXDTPlwo68/1gt4I3t
+8XEeK+3pjXKc5SoCIHjnxGV//NHssODSc6lj9+rqHq3nEZxUSthFtbBTv7h9AHYA
+Y/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFnplpCaQAABAMARzBF
+AiEA2Ha5clsCtlLEUZPNBS2N5/JZ8R1YkwvGTX0vhfSALf8CICIpI3NgenI15WqI
+FozzBpTiO3zsDb+d/f2DjAtW6ftDMA0GCSqGSIb3DQEBCwUAA4IBAQBE+67q27GC
+lP9ioH0ownwvNq5K7tYPqeU8wXFQ7NmHWDDokHWOCKu/zdDIk8DTzS1XmonkZJy8
+9GTyuIg8PLB3zweLIXQ/RP7Wml5yB3G7+T3aeD31/tUK1FxJwBowgcS81nBmJ+b4
+gWYG39m3D3nPHbs1lJDwnACZeNyXVUODx1aliyoIOpmOBJL2FMdhzAE/sM85bsXJ
+ZeuWPUUVfJW5oJdmUbrb2U+JOEq7S9LyQ0Cpt7fNuP0H2KA2bBC3ugq+KqPQrrw+
+ShXsHrnGijA6Ni7+IJG48thLDYSimG/paUQL+ZVZ2KeQAh/c9EkgH0TneVdr0wus
+PUwCZ4n1eP6Y
+-----END CERTIFICATE-----

!information/previous/certs/biuro.ee/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDWTED5//WpIMiG
+LLHEOPQuP6S3fMaKDfXsyK4LpLnxpOpGtf5pBsxK5aESQoACBeDtql+vXEWaoYi/
+RpZyofa9VD48d0Y7h2cZ2x1VWsAh1xU16Q3/ro+d8Llx/Q2WybCaI3+I8vKR4YrQ
+DenxUILAUUh8npiO07qUkqQC8Ru5wwqrUEgdRQOXV5K7PXwfx+s+oFCyVK1dOgha
+Waykhtvza6E4YElhRgOmlV8IzC84OtykGxCsQ5DRzZNtl5p5n3u3mcAncXksXxvw
+hnFEIwvmtOcdaEdTqpMIRFfERfjyhpVGW8E3lZ4IKvtBaPexIIjvhXOP6qOicLzZ
+e3BSpiEXAgMBAAECggEALsfNpWWJWKbV72hhVA8EyvXMvNtpsehzR4HVcKhAiS4x
+kEcZZw77WNxA6a4HqKlk3S0En1DaxvM9WVgM7rBJnzH9NhDpjYQ07xGEmUXqzFha
+An9CNY8DPfy3VtlhdonH2hYmuJwkdNESDvICoFGtgVMdKksqzX8N63IJiLTekxHJ
+BhUAroMKLQPbuPwadau2N2vRmxQRC0iYB+uQEVRcYgx2fzg4MJDTisMNzO4CaoyF
+hVBglCRrkul/bo1kwB6PtbAzHXVsfjR99D9CTESp7AKAQtyq7uEuIwAtAvi5i1kz
+li/k3ZEnFnniy7DIH5iGgein5qnYlRSt+VUzIGSumQKBgQDsMiwk3sVQETYEf9XB
+vsEBzKBsTtPPXhWPEze9mIKDf/hvlRhp0l7qdIRr3lSbMSQxK84WhXY2c2WO1wIY
+x4xi4Qn778mHb7RMNwMBDchq6rer+qU//0VufjNVLttyFiG9e43v/HLTSFTEHHCY
+cp2vxWd29Hpq7VhNQerZDDj9yQKBgQDoRAyeyvHREN8Or8pnwfboYx6/8xBGsmki
+3h7CADVO/JeSToNfUOZc4wkqNUBp9TtC/7uk8K6QBJPMXU79czUgHdNvnvB132ZR
+xhI47/gDBbKyolaPIEkslp9WpZjTv/3mbnQdKiwO7E3ClzjGl8yh2LSjsf+MOpIf
+cdvvJpQX3wKBgQCwYkNfAVFeGow5TfGmLrpZiqMeXruENyFoaBSPLI4Cf5VaVoAV
+vnkNIxgkqbKK9matpaXQYbhGr2RfCCdTs+kdiip3jrjzwDJnXAmNRuqtFT02XAX9
+xbbm7a2N5mEQUIC/zL3RQrfJGlHa5dYbsjQZqBQ83BNzOG1hvGER1zPUKQKBgHP2
+BZcCG9kVY0gh3BwRawR6+E89O1MQoA0YeKLDF9pnogUZzd04tsqJT3oTPCWqmfvJ
+UhX3VC/zGRdfPqCrdEqkmXuRDtzKvHr3OQHUTS61GZK2GiE7LU1lpgfMhZCyukDh
+xHcLJxQMRoZwmZgNEc18NDPGGqAYXfv1DKlJyYZhAoGAJ+lXklUrznejkhja7f+a
+jcxyxcmEaib2CcF34PYBQyAExzfroWHfTBv/IXTOrU1UtvTYET2JmPBj1975fbSe
+nysSV/tkHM6WEjRESjbe16HCGT/Y7R9plq53rAp/KTYcNnkgNL9TqJasKJMM3he9
+Ty+DTGlUsmef+Rnabb8n69Q=
+-----END PRIVATE KEY-----

!information/previous/certs/biuro.lt/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

!information/previous/certs/biuro.lt/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIFdjCCBF6gAwIBAgISA7PuB239ajK5xTr/Mo8cq7GeMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTIxMzExMjNaFw0x
+OTAzMTIxMzExMjNaMBMxETAPBgNVBAMTCGJpdXJvLmx0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuX61TmS7TxCJbZNf49rcw18vjh2oqbQe4pDi4DnB
+VbyN9Dpc7+kwWsESZYE9czdzuEpn/5ypqpP+H5kpxNHbSKqON0VFBxKQJbx+DaOp
+e4SaDzktt9/0UA/4v8E/D4ZVpxbwNX6ntt/7JyR4l8gmAktdOHAQ9DjrfayAIfNq
+vZPib2r/LaaaU9W8fDJEoxYP4JLiz2GRO8jhWSwDZGie8vCz4hJ7HSv3S+FaMJGe
+lWL87WUfKr8exLf2kGWD9ThuHFgK1VxGTyFQKotwxQmdaqB7oG2GFh2O1EQjdb1B
+f0Q1DPlDSyny9kAQOKDICzT8PtFb8xTrWhm96A1+JUvlOwIDAQABo4ICizCCAocw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR7LmltXQ7Ty+IRx9Y2tcJOE/FeDTAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmx0ggxkZXYuYml1cm8ubHSCEHN0YWdpbmcuYml1cm8u
+bHSCDHd3dy5iaXVyby5sdDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AOJpS64m6OlACeiGG7Y7g9Q+5/50iPuk
+jyiTAZ3d8dv+AAABZ6LCBfkAAAQDAEcwRQIhANlInn2gqgVXwAcS879BxPCCGUkT
++hY76gXucWQyfbqTAiAjazlEIYhzg+LZHAzYygbRT9CJl7RR/lmSIUsWRhjT1wB2
+ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZ6LCBfoAAAQDAEcw
+RQIgbq6mDsB1VIx6ow9kS7+HACOg6q7adlGBlfMk1FMG1TYCIQCQ/PkN4OEd4uzF
+rAUqT395TEfdXhsJKlPqYFaAd0NySTANBgkqhkiG9w0BAQsFAAOCAQEARTMgz/u+
+SFFK3U8dZMrxTLWPi5Igm0y2/o/lZq32mTOgmodVB8qjE7GVfp2sw7mEHQHOzi4z
+uhhOs9s70VSufqXoi7x5usvbw9Z2F9hOPtRxEYcr2DfYfn87OVr26a8My8np39AC
+1FP7g1HEKzXGgJ9RXxLMK5JxCfHXxdWxrEa9Z6HKOpzvvnaL7T5FFwrg3Y2IZS8A
+JN+OioSQu4st9nkABVjWnbq2M+MIMLDpfLf9YR1OCl1uDVXGpYJSlOExRDLeUHrM
+KYRMxAfXLdRiMKytxUzkV2Fzi+BoA9unRr/njTQBwFdmagurPt63W1LxwKOi8ZSs
+yycuXMI/XBSm2Q==
+-----END CERTIFICATE-----

!information/previous/certs/biuro.lt/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5frVOZLtPEIlt
+k1/j2tzDXy+OHaiptB7ikOLgOcFVvI30Olzv6TBawRJlgT1zN3O4Smf/nKmqk/4f
+mSnE0dtIqo43RUUHEpAlvH4No6l7hJoPOS233/RQD/i/wT8PhlWnFvA1fqe23/sn
+JHiXyCYCS104cBD0OOt9rIAh82q9k+Jvav8tpppT1bx8MkSjFg/gkuLPYZE7yOFZ
+LANkaJ7y8LPiEnsdK/dL4VowkZ6VYvztZR8qvx7Et/aQZYP1OG4cWArVXEZPIVAq
+i3DFCZ1qoHugbYYWHY7URCN1vUF/RDUM+UNLKfL2QBA4oMgLNPw+0VvzFOtaGb3o
+DX4lS+U7AgMBAAECggEAPE3fL5877dZYd1EkKXVrs/BsC23E+XbfW5TyzSa5nd/w
+3mdi83QCDl8aVfmQOrbaXh2Cde0+k4ANa8RleeEnwxX/qiRQ7p2wUzRWXqTIYqmX
+VD+oh1C9opGusthmYeuwSOQCL8H/UEq84drPgbjF8pUBt2lneZ5PoMnF1kPGfd7Z
+uxkdP4qykBxxd5BVQKfzy+sl+GSvt48j6PLhECDbhntHFALZ8fCISb4ZUe5j3qj8
+JfFYADxf6g1Mvym4fZMTqtnNrfEjJmn1mrgy7zTDEyKcmf04u2fX1ZBrGWz1Y1+P
+pkWXv3WLSVzRmP+59tmGPSu22MAQO2akG5YaOiDf0QKBgQDvboBn/NvT9gxmIEuX
+dUT9/Tr2o71fazbs1+dp85yayVHp3ZmsdTn84bFkREczSaBCmzMBiaCYfyclAKMa
+EG/SPZIxcbn9Iu3CWOnokSMnNXk1082Rao/VKE9F9murzyFVHni2uRrRLI8TixTk
++kBPNcMcDeLGex/7nWCJaGE/BwKBgQDGVLnBgD0QZT96TxhWm7HrqBigdHiHgW0r
+m0KCMNPzWVX1BGBqoWELtrJc6yosFRSRJSsNJjik5+czHvoxelUaGtUHv2XPrap7
+bVpVPZaao7kL7QtjhEGg/8wBQcyWq1e67R4SGNUQjADIH/DsxItDiCeyr07TMmBB
+lH7kJ2hnLQKBgBPC2gQ7IWWYHCPdrH9+pUgVO2WZ1AppDep0U1wySA2aahFUQdez
+ASs28W4mGH5KKFj2+Dm7Qy7y56ctK0j+bEw82rEMAt66oEb3Ea8pM26MAkoIBiJn
+WiGspwZONUrD2KtuzWW/V1BGTjS9uObBJMek10qcdsgM53Hb5ljQ7Z3HAoGBAIh/
+rWzoxp4vINYb88M/2t82zOQ55O5V/H3jmI2j72vvk0JTpcwdj34RWoaq71Zxl7sh
+mpStNpUAalX7vvQonsOdrfpsFzUs8EWMiHxcK/f4MJZtqcXvM4AMLSq8T4NvH60u
+HuETqCiAQtV5bkZ2KubqoW/QSe7/H9Ji0kZSfP9tAoGBAMtOM6Gx5snEMAmRJArk
+jGvm3B6nHzdJ1kKy7a+/O7Hm4y1GBacKKJdPoACbdwHCLbgs4NH0OmYaB6T5miVI
+u5+g1E9eq84i2qhPF3e1ZvSK9G826fGLSw1MeRdEaCm/nJwqudDAlgEJviKFNs0U
+HCHAkM7R2ySMwwyhAn6MzFSF
+-----END PRIVATE KEY-----

!information/previous/certs/biuro.lv/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

!information/previous/certs/biuro.lv/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIFdTCCBF2gAwIBAgISAx3DpW3B2YYmavHTM+Jl9wTCMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTQwNTM4MzdaFw0x
+OTAzMTQwNTM4MzdaMBMxETAPBgNVBAMTCGJpdXJvLmx2MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAmI15ZcOTi2Nm3Lz1JHRT9j74ype4QYYnG4awz0Yg
+OU7YvLZBEiNXAYHeSrIJ6JVhqgzuFChPfJ3mqE4udCMP5rqCT7qA74GYG4sisiev
+i6stOB7SShcsd7aTKXGuj2RsqQnhQEDpoHV+7EJelqK3wUDWz/OILGtRoquLJet3
+WXOTBsMPHkG3j/aDNQSt05CVtK4qY7oFhDWQsEHdespQ6rS6mdBwFDlyxDOpDLpN
+DzLbFdURMplPXsaB0cJSX29j/RW+OVEdgS6YzrjFwaAaWS33wQSF0HXuFc1XpgZO
+n1yVd17FFSgQ7dcpTyAahe2ZTSCTx0mqavVp3evGQkYVzwIDAQABo4ICijCCAoYw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTrKY9/iRbSYpLy5mlHzROpnbO5/zAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmx2ggxkZXYuYml1cm8ubHaCEHN0YWdpbmcuYml1cm8u
+bHaCDHd3dy5iaXVyby5sdjBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLc
+pMMM9OVFR/R4AAABZ6twN/sAAAQDAEYwRAIgVzEdMqfXOhCn3vWES4VYObl3a0TA
+K+B/mbx+czCLf/cCIDWkkCOP/LhYZs0alYH4b+x2ojB2pI3OLuqT3/9oMXA1AHYA
+dH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFnq3A6WQAABAMARzBF
+AiB+dUrdUY159aooUmcvvYcvTghM68oV09gMEd5QdCJ+GwIhAOngDvKIFhOdcYVU
+QTOPy2F0ZK27cnRvNkjgM1o9ysRNMA0GCSqGSIb3DQEBCwUAA4IBAQCJkVuGlpBX
+4vFHJtWk7W3Qm7lU6zVYvBgFtjqoLUAhzHuw/orAHOhiCESiyrQfQWRv8wHyz5GR
+eboOyAbDYVxed8TN2AcmaMxtrQgfaDP4ZUqvqh7cmfrotYX61Zi1PuBqyaI6zwio
+Y5xJgN/w6CvVljtQms6RLTB4axGOK1Ef+V2onoTxFgHvP0TBaeYpPbh2R8zvATXL
+oy5VzRxYZylLmQLZgXNQy2hjvkwmsSnahKhZn1iUAKDCwYbSstyBn2f15LrJdvOc
+e+M/nbV7M/fEAOf+Y8oy1Bokt0Kww8wUGtFs8jmd4KZTsPsQfgY3tDpy+vLRSnHk
+5Ql1KxbEETDZ
+-----END CERTIFICATE-----

!information/previous/certs/biuro.lv/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYjXllw5OLY2bc
+vPUkdFP2PvjKl7hBhicbhrDPRiA5Tti8tkESI1cBgd5KsgnolWGqDO4UKE98neao
+Ti50Iw/muoJPuoDvgZgbiyKyJ6+Lqy04HtJKFyx3tpMpca6PZGypCeFAQOmgdX7s
+Ql6WorfBQNbP84gsa1Giq4sl63dZc5MGww8eQbeP9oM1BK3TkJW0ripjugWENZCw
+Qd16ylDqtLqZ0HAUOXLEM6kMuk0PMtsV1REymU9exoHRwlJfb2P9Fb45UR2BLpjO
+uMXBoBpZLffBBIXQde4VzVemBk6fXJV3XsUVKBDt1ylPIBqF7ZlNIJPHSapq9Wnd
+68ZCRhXPAgMBAAECggEAAdYQxCxOo4AJS2viKX5Vn7enUqJGifyy43kYug32h6oO
+ysqzeCPrwVgOVGjV3LJQ8B/it7m6fIisBOeYAIwxffijETxF9Aa5Is+8awI2RzXt
+apOtuqLnxUhxzK8SclBmTGyS2lf4V+xCIFbg1kBUJOPXvL4KLBAIoK7JkyXFPygz
+tarVV4S7D5T07prFa+qY+dkfw9fPdB0WW/26qWCYSOuAT8e3+YpvBMq2yFRDvEgT
+M314oOzQiKDXu0ykkjkmtWAbO4guaS26Q5svMAENwsKIkZJ6iWo4zcyGaGYyXkhr
+LvPsX9KbhbtjrBo9QTS3WmqVkNZAcm+ZF3bK+0Yq9QKBgQDOTeXsRI5Ya7pEbPrm
+DG0Bx8g9w0Arflkzod/INND0s2iPTSeDQVwyMSgrZ4D5YxTgiHgvq9rbFpdj4H5A
+6sL55QiemX+Y3ajRyy6HnW9awVFa5t7LuAixBDBe9BwFDYlxwz6Z03yEZgOtHuO/
+0WdnIDseRmy8Xz8YQenaUW12OwKBgQC9TOO7X5mLt5DxakqR2FU2NTxf9C4j0vNO
+Q71VqHCShBBvQFFhra5keE3HaGnStff100wTNoym+zPQY0VM1YcPwgCzyAi07lX7
+XwUk7dyOG9mV1yg71W9+SuTlWx+jy6kD/tdQY7KTnTg6hyFbQ4sLdY6nLpmNRmIl
+/nxXVqVhfQKBgQC9PuwJPiItrjSiDC5j1UYxeeiP74nv2+lL2dQEPZ7ouaLSwX3b
+g5tlV353wmynWGKQTd+iK02J6EFbl1V5i2DsB1NO2ZQY0EzKlk3KjXrWj7tnXZ1G
+1zzx1NviXp9Na0uHlgjY5w20DjiVGF7nWNo32XMhpIyeh+jDAcPZRxTYfQKBgE5r
+JMgBUW1UrQGlQ6DpWltrcEhbsiV7BPm+DBgJACFh/iDoJw5s0ZqjT600runwIfk+
+//vRlDC0TYGdLh8nMZ0wg/P2AM1bEllgwpPKyZxBI0D0caFfyKEry2jL9+51tt2F
+25JcyqRl894jDoltEJO9rkvJfSjOKGiO5NmVdktNAoGBAI7xH+xY9gv4FPwUN9+r
+EqrvO0RfoQVxJqL56caKBm7QbRrq54zSFhjre4CVoquBghlwQ7Jck75o3F+oEsPK
++9bH6BRFvJWRaiHFxP6d3ZGwY+ZI1hnMF+00RsmSCPUwJjqXbyuIO2WiALsa1KJu
+LswlHkO3Gj4ljmxnbUC8gb2T
+-----END PRIVATE KEY-----

!information/previous/certs/live/staging.biuro.ee/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
\ No newline at end of file

!information/previous/certs/live/staging.biuro.ee/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIGGDCCBQCgAwIBAgISA1V7E11bMWZOjQatfTAfEy1RMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEwMDIwNTM0MTBaFw0x
+ODEyMzEwNTM0MTBaMBMxETAPBgNVBAMTCGJpdXJvLmVlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAqgEqdJCK5YC/ATojjJa2tUnrjEkCkAmL7686uYWr
+IIVnmWX/gWZNRAuwqx4hP3hV0YBRuajvhKI23rMs5y8+1nGtgL25UyNIv+LKl7TM
+95feiLkfr0Gss0qgdyEjG8swmOKoc84LBAcd25DJBW6KrgV1exksmL76arCVmq9Y
+H9rJ1qmsTfPEq/GDgu7IrFO1WPumAec0i/pAHHIEv8Lxakhv6g7+BaJj/H3YfNA5
+U5MV6gitk+rRX+CBLXTrRf32cum1hhG0OQ5ZgY/Ag3VP2daf5zRuaB4VxWlaMwUC
+Vv8k/jBRLM0h6uOakvGmYT1HVMejBAnWaBnKAnQUOwlpWQIDAQABo4IDLTCCAykw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBROHLM97EABngPFEkggtXReRFlJ8DAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMC8G
+A1UdEQQoMCaCCGJpdXJvLmVlggxkZXYuYml1cm8uZWWCDHd3dy5iaXVyby5lZTCB
+/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYB
+BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCB
+ngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkg
+UmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg
+Q2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQu
+b3JnL3JlcG9zaXRvcnkvMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAKTxRllTI
+OWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFmM3vqiAAABAMASDBGAiEAzOlN
+0rYV+2EdcSkdu1Pc8gOB5iWT0KEQC3mdDaUDoQ0CIQC7csWtvVmIwJkH+IMpUd5C
+61U9ONZOTor1ldNgupwiFQB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgia
+N9kTAAABZjN76r8AAAQDAEcwRQIhAMSGqvcxdWtJiYJBreV70ifUAg3psmyTRYMg
+LSPoQEQ9AiBhZlD7Q8zqddCp4qJUkxE1M2yvAOk3CYOHZFV6UpqGaDANBgkqhkiG
+9w0BAQsFAAOCAQEAVH2tQ/E8XSxODy9nOp2PU3A5Kb0hjbD3l7z0Yy+wBjZXBmM1
+qd7h/BkHVlY2w7IHqu9O13Cx1RX9TPfMhDNfUb0OrLCKClEeW3PwbC7MwmHHfDZn
+bRlLXppibfvq96mCo+Y5DDVK+10SGbd+Ynl86KF/NRecR4S7cl+JXOMOFxHkhHAb
+KQYTDo/T7KpcFBdrsQpP7ZEaY6gVVzGdjgdPvyojUYlY+jVol1SwOpcjMbelEo1h
+eOIlzSK+E9j8/pIV2aTdnUS9Gmt0kqwBQFQpZDzME58ksro+C5ZvgZhxhGqLSj53
+Boaiol8S0iNdkD78N6HCr53xv3y/8YJY+peGfg==
+-----END CERTIFICATE-----
\ No newline at end of file

!information/previous/certs/live/staging.biuro.ee/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCqASp0kIrlgL8B
+OiOMlra1SeuMSQKQCYvvrzq5hasghWeZZf+BZk1EC7CrHiE/eFXRgFG5qO+Eojbe
+syznLz7Wca2AvblTI0i/4sqXtMz3l96IuR+vQayzSqB3ISMbyzCY4qhzzgsEBx3b
+kMkFboquBXV7GSyYvvpqsJWar1gf2snWqaxN88Sr8YOC7sisU7VY+6YB5zSL+kAc
+cgS/wvFqSG/qDv4FomP8fdh80DlTkxXqCK2T6tFf4IEtdOtF/fZy6bWGEbQ5DlmB
+j8CDdU/Z1p/nNG5oHhXFaVozBQJW/yT+MFEszSHq45qS8aZhPUdUx6MECdZoGcoC
+dBQ7CWlZAgMBAAECggEAFe4o52OJVLogfvcx2cjMEKPUq8KeqYJfF7rE5Q94uAJt
+jwIeN+JAtQvwV4qp+FGSJICcn591fRMd5+mOMSkiPoXolLMkwomf210ADG+ULJuz
+PHOWbO8YaQKHTlwrIW07O3sAXFFSkMudjug6U6XjDuLWY7Gnfpwi7/tlOSXwb3So
+gQNVJje9EIQKzs7QqdxroiA9MTqQTedsGjCEkgxFrVo3w1PwLIGgYNyDaRQxzLLr
+zLwTQcX+Z68ePnEKSL6Rdaa0gMa47c7+l/1YmBwLhhbCbQmSxgrFLgnY+EDlMyr1
+ZZqxcg5XU3MlJcMfy1wIMAcaxOarCIDlFeP9kksYHwKBgQDTnihf1iiZqGa9lFRM
+nbZYIH8Tr+H2VCRM4SPk8g5DWyOC4LXuxwDJW3TjIbgaylDiO9INdqrALWU97OcD
+pKbVcwsPpnVe6oNuHMkphxBu91OH2stPTt1OjM/5OMM2Xlw/XYRzAFJathLNd9+6
+sBAhLtlzWKhoERs7C2OMGX7KGwKBgQDNqMbMcZblBE5T43YeOe8fcOyNBvoCABtf
+vrnOMHynRHT9gL6Z/liKJYCPUktfmRQo5p2KXKvObWrl5jkGjGz9mC2D1pmutyFX
+zMMj6N5llkBHVAUekLMq87q5ERfJ1u3I6MhcV369CcrXzsycaDMVKKRNRiDMYdO3
+5XGeXR/RmwKBgGkzQtcB3AUnVowAZTgBX1jILuRWl3qhsboWYoW6X6TUdf7mPwuJ
+Grb/JEiVxrRqx3LwUignShNnfeEfGGkTPWz3WBRbqBWbd+MRpF9kqaLAiWIMPu4a
+QqJ+FhXLRiCNIEbP8rxI+Kfnw8kpQqvIQvx8EdXpyS6S8nqT2tUXB5TpAoGAFzv2
+GarLjVwLLVcJRSjuZvLvBo+/NvKkJRD7FNxNeOg2/1zIK8WcYx8Rgx+c/FPi/yvu
+qG8Hye56oTZ9QswilBPZMIfSHPb7gVvUv/3TAk8TO/u2CFn4o+WdNsNDmL37ZzNF
+T4li/CBbFj56x0DOZJmO1lwR4IU80g3N5EJJEfkCgYBVWW+F4SMw/L0rfD4Vi73I
++6/+j3+zIsYWjHXebSWOGqqBrz9rff8kYvUAdndvYCcAQeV9hVxFnUDrrY/XvRRj
+10EIDaFj9/KZUNVAgCuQCrVEW+A205xZ3/rsJqrFo08RldAnGRLgW6CN3KOzcLwb
+ZkEQwkoZEFycGdwO+1WdXg==
+-----END PRIVATE KEY-----
\ No newline at end of file

!information/previous/certs/live/staging.biuro.lt/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

!information/previous/certs/live/staging.biuro.lt/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIFdjCCBF6gAwIBAgISA7PuB239ajK5xTr/Mo8cq7GeMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTIxMzExMjNaFw0x
+OTAzMTIxMzExMjNaMBMxETAPBgNVBAMTCGJpdXJvLmx0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuX61TmS7TxCJbZNf49rcw18vjh2oqbQe4pDi4DnB
+VbyN9Dpc7+kwWsESZYE9czdzuEpn/5ypqpP+H5kpxNHbSKqON0VFBxKQJbx+DaOp
+e4SaDzktt9/0UA/4v8E/D4ZVpxbwNX6ntt/7JyR4l8gmAktdOHAQ9DjrfayAIfNq
+vZPib2r/LaaaU9W8fDJEoxYP4JLiz2GRO8jhWSwDZGie8vCz4hJ7HSv3S+FaMJGe
+lWL87WUfKr8exLf2kGWD9ThuHFgK1VxGTyFQKotwxQmdaqB7oG2GFh2O1EQjdb1B
+f0Q1DPlDSyny9kAQOKDICzT8PtFb8xTrWhm96A1+JUvlOwIDAQABo4ICizCCAocw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR7LmltXQ7Ty+IRx9Y2tcJOE/FeDTAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmx0ggxkZXYuYml1cm8ubHSCEHN0YWdpbmcuYml1cm8u
+bHSCDHd3dy5iaXVyby5sdDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AOJpS64m6OlACeiGG7Y7g9Q+5/50iPuk
+jyiTAZ3d8dv+AAABZ6LCBfkAAAQDAEcwRQIhANlInn2gqgVXwAcS879BxPCCGUkT
++hY76gXucWQyfbqTAiAjazlEIYhzg+LZHAzYygbRT9CJl7RR/lmSIUsWRhjT1wB2
+ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZ6LCBfoAAAQDAEcw
+RQIgbq6mDsB1VIx6ow9kS7+HACOg6q7adlGBlfMk1FMG1TYCIQCQ/PkN4OEd4uzF
+rAUqT395TEfdXhsJKlPqYFaAd0NySTANBgkqhkiG9w0BAQsFAAOCAQEARTMgz/u+
+SFFK3U8dZMrxTLWPi5Igm0y2/o/lZq32mTOgmodVB8qjE7GVfp2sw7mEHQHOzi4z
+uhhOs9s70VSufqXoi7x5usvbw9Z2F9hOPtRxEYcr2DfYfn87OVr26a8My8np39AC
+1FP7g1HEKzXGgJ9RXxLMK5JxCfHXxdWxrEa9Z6HKOpzvvnaL7T5FFwrg3Y2IZS8A
+JN+OioSQu4st9nkABVjWnbq2M+MIMLDpfLf9YR1OCl1uDVXGpYJSlOExRDLeUHrM
+KYRMxAfXLdRiMKytxUzkV2Fzi+BoA9unRr/njTQBwFdmagurPt63W1LxwKOi8ZSs
+yycuXMI/XBSm2Q==
+-----END CERTIFICATE-----

!information/previous/certs/live/staging.biuro.lt/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5frVOZLtPEIlt
+k1/j2tzDXy+OHaiptB7ikOLgOcFVvI30Olzv6TBawRJlgT1zN3O4Smf/nKmqk/4f
+mSnE0dtIqo43RUUHEpAlvH4No6l7hJoPOS233/RQD/i/wT8PhlWnFvA1fqe23/sn
+JHiXyCYCS104cBD0OOt9rIAh82q9k+Jvav8tpppT1bx8MkSjFg/gkuLPYZE7yOFZ
+LANkaJ7y8LPiEnsdK/dL4VowkZ6VYvztZR8qvx7Et/aQZYP1OG4cWArVXEZPIVAq
+i3DFCZ1qoHugbYYWHY7URCN1vUF/RDUM+UNLKfL2QBA4oMgLNPw+0VvzFOtaGb3o
+DX4lS+U7AgMBAAECggEAPE3fL5877dZYd1EkKXVrs/BsC23E+XbfW5TyzSa5nd/w
+3mdi83QCDl8aVfmQOrbaXh2Cde0+k4ANa8RleeEnwxX/qiRQ7p2wUzRWXqTIYqmX
+VD+oh1C9opGusthmYeuwSOQCL8H/UEq84drPgbjF8pUBt2lneZ5PoMnF1kPGfd7Z
+uxkdP4qykBxxd5BVQKfzy+sl+GSvt48j6PLhECDbhntHFALZ8fCISb4ZUe5j3qj8
+JfFYADxf6g1Mvym4fZMTqtnNrfEjJmn1mrgy7zTDEyKcmf04u2fX1ZBrGWz1Y1+P
+pkWXv3WLSVzRmP+59tmGPSu22MAQO2akG5YaOiDf0QKBgQDvboBn/NvT9gxmIEuX
+dUT9/Tr2o71fazbs1+dp85yayVHp3ZmsdTn84bFkREczSaBCmzMBiaCYfyclAKMa
+EG/SPZIxcbn9Iu3CWOnokSMnNXk1082Rao/VKE9F9murzyFVHni2uRrRLI8TixTk
++kBPNcMcDeLGex/7nWCJaGE/BwKBgQDGVLnBgD0QZT96TxhWm7HrqBigdHiHgW0r
+m0KCMNPzWVX1BGBqoWELtrJc6yosFRSRJSsNJjik5+czHvoxelUaGtUHv2XPrap7
+bVpVPZaao7kL7QtjhEGg/8wBQcyWq1e67R4SGNUQjADIH/DsxItDiCeyr07TMmBB
+lH7kJ2hnLQKBgBPC2gQ7IWWYHCPdrH9+pUgVO2WZ1AppDep0U1wySA2aahFUQdez
+ASs28W4mGH5KKFj2+Dm7Qy7y56ctK0j+bEw82rEMAt66oEb3Ea8pM26MAkoIBiJn
+WiGspwZONUrD2KtuzWW/V1BGTjS9uObBJMek10qcdsgM53Hb5ljQ7Z3HAoGBAIh/
+rWzoxp4vINYb88M/2t82zOQ55O5V/H3jmI2j72vvk0JTpcwdj34RWoaq71Zxl7sh
+mpStNpUAalX7vvQonsOdrfpsFzUs8EWMiHxcK/f4MJZtqcXvM4AMLSq8T4NvH60u
+HuETqCiAQtV5bkZ2KubqoW/QSe7/H9Ji0kZSfP9tAoGBAMtOM6Gx5snEMAmRJArk
+jGvm3B6nHzdJ1kKy7a+/O7Hm4y1GBacKKJdPoACbdwHCLbgs4NH0OmYaB6T5miVI
+u5+g1E9eq84i2qhPF3e1ZvSK9G826fGLSw1MeRdEaCm/nJwqudDAlgEJviKFNs0U
+HCHAkM7R2ySMwwyhAn6MzFSF
+-----END PRIVATE KEY-----

!information/previous/certs/live/staging.biuro.lv/ca-bundle.pem

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

!information/previous/certs/live/staging.biuro.lv/certificate.pem

+-----BEGIN CERTIFICATE-----
+MIIFdTCCBF2gAwIBAgISAx3DpW3B2YYmavHTM+Jl9wTCMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTQwNTM4MzdaFw0x
+OTAzMTQwNTM4MzdaMBMxETAPBgNVBAMTCGJpdXJvLmx2MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAmI15ZcOTi2Nm3Lz1JHRT9j74ype4QYYnG4awz0Yg
+OU7YvLZBEiNXAYHeSrIJ6JVhqgzuFChPfJ3mqE4udCMP5rqCT7qA74GYG4sisiev
+i6stOB7SShcsd7aTKXGuj2RsqQnhQEDpoHV+7EJelqK3wUDWz/OILGtRoquLJet3
+WXOTBsMPHkG3j/aDNQSt05CVtK4qY7oFhDWQsEHdespQ6rS6mdBwFDlyxDOpDLpN
+DzLbFdURMplPXsaB0cJSX29j/RW+OVEdgS6YzrjFwaAaWS33wQSF0HXuFc1XpgZO
+n1yVd17FFSgQ7dcpTyAahe2ZTSCTx0mqavVp3evGQkYVzwIDAQABo4ICijCCAoYw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTrKY9/iRbSYpLy5mlHzROpnbO5/zAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmx2ggxkZXYuYml1cm8ubHaCEHN0YWdpbmcuYml1cm8u
+bHaCDHd3dy5iaXVyby5sdjBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLc
+pMMM9OVFR/R4AAABZ6twN/sAAAQDAEYwRAIgVzEdMqfXOhCn3vWES4VYObl3a0TA
+K+B/mbx+czCLf/cCIDWkkCOP/LhYZs0alYH4b+x2ojB2pI3OLuqT3/9oMXA1AHYA
+dH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFnq3A6WQAABAMARzBF
+AiB+dUrdUY159aooUmcvvYcvTghM68oV09gMEd5QdCJ+GwIhAOngDvKIFhOdcYVU
+QTOPy2F0ZK27cnRvNkjgM1o9ysRNMA0GCSqGSIb3DQEBCwUAA4IBAQCJkVuGlpBX
+4vFHJtWk7W3Qm7lU6zVYvBgFtjqoLUAhzHuw/orAHOhiCESiyrQfQWRv8wHyz5GR
+eboOyAbDYVxed8TN2AcmaMxtrQgfaDP4ZUqvqh7cmfrotYX61Zi1PuBqyaI6zwio
+Y5xJgN/w6CvVljtQms6RLTB4axGOK1Ef+V2onoTxFgHvP0TBaeYpPbh2R8zvATXL
+oy5VzRxYZylLmQLZgXNQy2hjvkwmsSnahKhZn1iUAKDCwYbSstyBn2f15LrJdvOc
+e+M/nbV7M/fEAOf+Y8oy1Bokt0Kww8wUGtFs8jmd4KZTsPsQfgY3tDpy+vLRSnHk
+5Ql1KxbEETDZ
+-----END CERTIFICATE-----

!information/previous/certs/live/staging.biuro.lv/privkey.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYjXllw5OLY2bc
+vPUkdFP2PvjKl7hBhicbhrDPRiA5Tti8tkESI1cBgd5KsgnolWGqDO4UKE98neao
+Ti50Iw/muoJPuoDvgZgbiyKyJ6+Lqy04HtJKFyx3tpMpca6PZGypCeFAQOmgdX7s
+Ql6WorfBQNbP84gsa1Giq4sl63dZc5MGww8eQbeP9oM1BK3TkJW0ripjugWENZCw
+Qd16ylDqtLqZ0HAUOXLEM6kMuk0PMtsV1REymU9exoHRwlJfb2P9Fb45UR2BLpjO
+uMXBoBpZLffBBIXQde4VzVemBk6fXJV3XsUVKBDt1ylPIBqF7ZlNIJPHSapq9Wnd
+68ZCRhXPAgMBAAECggEAAdYQxCxOo4AJS2viKX5Vn7enUqJGifyy43kYug32h6oO
+ysqzeCPrwVgOVGjV3LJQ8B/it7m6fIisBOeYAIwxffijETxF9Aa5Is+8awI2RzXt
+apOtuqLnxUhxzK8SclBmTGyS2lf4V+xCIFbg1kBUJOPXvL4KLBAIoK7JkyXFPygz
+tarVV4S7D5T07prFa+qY+dkfw9fPdB0WW/26qWCYSOuAT8e3+YpvBMq2yFRDvEgT
+M314oOzQiKDXu0ykkjkmtWAbO4guaS26Q5svMAENwsKIkZJ6iWo4zcyGaGYyXkhr
+LvPsX9KbhbtjrBo9QTS3WmqVkNZAcm+ZF3bK+0Yq9QKBgQDOTeXsRI5Ya7pEbPrm
+DG0Bx8g9w0Arflkzod/INND0s2iPTSeDQVwyMSgrZ4D5YxTgiHgvq9rbFpdj4H5A
+6sL55QiemX+Y3ajRyy6HnW9awVFa5t7LuAixBDBe9BwFDYlxwz6Z03yEZgOtHuO/
+0WdnIDseRmy8Xz8YQenaUW12OwKBgQC9TOO7X5mLt5DxakqR2FU2NTxf9C4j0vNO
+Q71VqHCShBBvQFFhra5keE3HaGnStff100wTNoym+zPQY0VM1YcPwgCzyAi07lX7
+XwUk7dyOG9mV1yg71W9+SuTlWx+jy6kD/tdQY7KTnTg6hyFbQ4sLdY6nLpmNRmIl
+/nxXVqVhfQKBgQC9PuwJPiItrjSiDC5j1UYxeeiP74nv2+lL2dQEPZ7ouaLSwX3b
+g5tlV353wmynWGKQTd+iK02J6EFbl1V5i2DsB1NO2ZQY0EzKlk3KjXrWj7tnXZ1G
+1zzx1NviXp9Na0uHlgjY5w20DjiVGF7nWNo32XMhpIyeh+jDAcPZRxTYfQKBgE5r
+JMgBUW1UrQGlQ6DpWltrcEhbsiV7BPm+DBgJACFh/iDoJw5s0ZqjT600runwIfk+
+//vRlDC0TYGdLh8nMZ0wg/P2AM1bEllgwpPKyZxBI0D0caFfyKEry2jL9+51tt2F
+25JcyqRl894jDoltEJO9rkvJfSjOKGiO5NmVdktNAoGBAI7xH+xY9gv4FPwUN9+r
+EqrvO0RfoQVxJqL56caKBm7QbRrq54zSFhjre4CVoquBghlwQ7Jck75o3F+oEsPK
++9bH6BRFvJWRaiHFxP6d3ZGwY+ZI1hnMF+00RsmSCPUwJjqXbyuIO2WiALsa1KJu
+LswlHkO3Gj4ljmxnbUC8gb2T
+-----END PRIVATE KEY-----

!information/previous/docker-compose.yml

+version: '3.6'
+
+services:
+    nginx:
+        image: ${IMAGE_NGINX}
+        container_name: "${PROJECT}-nginx"
+        networks:
+            - front
+        ports:
+            - '80:80'
+            - '443:443'
+        volumes:
+            - ./nginx:/etc/nginx/conf.d
+            - ./logs/nginx:/var/log/nginx
+            - ./certs:/etc/letsencrypt
+            - ./certs-data:/data/letsencrypt
+            - ./wordpress:/var/www/html
+        links:
+            - wordpress
+        restart: always
+
+    mysql:
+        image: ${IMAGE_MYSQL}
+        container_name: "${PROJECT}-mysql"
+        networks:
+            - "back"
+        ports:
+            - '3306:3306'
+        volumes:
+            - ./docker/mariadb:/docker-entrypoint-initdb.d/
+            - ./var/mariadb:/var/lib/mysql
+        environment:
+            - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+            - MYSQL_DATABASE=${DB_NAME}
+            - MYSQL_USER=${DB_USERNAME}
+            - MYSQL_PASSWORD=${DB_PASSWORD}
+        command: mysqld --character-set-server=utf8 --collation-server=utf8_general_ci --innodb-flush-method=fsync
+        restart: always
+
+    wordpress:
+        image: ${IMAGE_WORDPRESS}
+        container_name: "${PROJECT}-wordpress"
+        networks:
+            - "front"
+            - "back"
+        volumes:
+            - ./wordpress:/var/www/html
+        environment:
+            - WORDPRESS_DB_NAME=${DB_NAME}
+            - WORDPRESS_DB_HOST=${DB_HOST}
+            - WORDPRESS_DB_USER=${DB_USERNAME}
+            - WORDPRESS_DB_PASSWORD=${DB_PASSWORD}
+            - WORDPRESS_CONFIG_EXTRA=
+                /* Multisite */
+                define( 'WP_ALLOW_MULTISITE', true );
+                define('MULTISITE', true);
+                define('SUBDOMAIN_INSTALL', true);
+                define('DOMAIN_CURRENT_SITE', '${NGINX_NAME_LT}');
+                define('PATH_CURRENT_SITE', '/');
+                define('SITE_ID_CURRENT_SITE', 1);
+                define('BLOG_ID_CURRENT_SITE', 1);
+                define( 'COOKIE_DOMAIN', '' );
+                define( 'ADMIN_COOKIE_PATH', '/' );
+                define( 'COOKIEPATH', '/' );
+                define( 'SITECOOKIEPATH', '/' );
+        links:
+            - mysql
+        restart: always
+
+networks:
+    front:
+        name: "${PROJECT}-front"
+    back:
+        name: "${PROJECT}-back"

.env

 PROJECT=biuro-staging
 
-IMAGE_NGINX=nginx:1.15.7
+IMAGE_NGINX=kbenassm/nginx-brotli-tls13
 IMAGE_MYSQL=mariadb:10.3
-IMAGE_WORDPRESS=simoncereska/biuro-staging:0.0.2
+IMAGE_WORDPRESS=biuro/web:0.0.1
+IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
 
 DB_NAME=staging_biuro
 DB_HOST=mysql
@@ -10,6 +11,9 @@ DB_USERNAME=staging_user
 DB_PASSWORD=qzl8pMNV^gZ&c1!7ebVsXqQh
 DB_ROOT_PASSWORD=#w1ML4QfWaR*8dBYRL7aZJI$
 
+UID=33
+GID=33
+
 NGINX_NAME_LT=staging.biuro.lt
 NGINX_NAME_LV=staging.biuro.lv
 NGINX_NAME_EE=staging.biuro.ee

.gitignore

+.idea/
 var/
 wordpress/
 logs/nginx/*.log

certs/biuro.lv/certificate.pem

 -----BEGIN CERTIFICATE-----
-MIIGGDCCBQCgAwIBAgISA2WmFmvfJcoDdgPycjmHERg8MA0GCSqGSIb3DQEBCwUA
+MIIFdTCCBF2gAwIBAgISAx3DpW3B2YYmavHTM+Jl9wTCMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEwMDkwMzQ0NDFaFw0x
-OTAxMDcwMzQ0NDFaMBMxETAPBgNVBAMTCGJpdXJvLmx2MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAwz8fNEvDt9ix4USHVBZY5rRkaBQWr56p+jUQNLsx
-/V3+7ESdzvueVl0krFbvAA6F1kNAAMlHmERsTk1MgfTNBodP97rRZaA7aUt0Xdxf
-m/cWer67OyEX6Ns6vjTw3kzfkTmmdxmq9Ir0z1tjE1V4b/nQGYJ169M5Fog0CpW4
-GtBYM0fxzX3v9pDUniqx37S5kkAxNF/FSq0IGakWpd9YxLVM/eWodvHb++eNgzK+
-tTWNwoiZ/IzFLRhOOu8CvS+71p1H8+ZpSjucuxQNaTa2GM4WlZ5jfZGZINXhMbIe
-bAW6GJeX1nrLGmbEWGOxRzzz5Tv97ZpytkWobMHnKzRuMQIDAQABo4IDLTCCAykw
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMTQwNTM4MzdaFw0x
+OTAzMTQwNTM4MzdaMBMxETAPBgNVBAMTCGJpdXJvLmx2MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAmI15ZcOTi2Nm3Lz1JHRT9j74ype4QYYnG4awz0Yg
+OU7YvLZBEiNXAYHeSrIJ6JVhqgzuFChPfJ3mqE4udCMP5rqCT7qA74GYG4sisiev
+i6stOB7SShcsd7aTKXGuj2RsqQnhQEDpoHV+7EJelqK3wUDWz/OILGtRoquLJet3
+WXOTBsMPHkG3j/aDNQSt05CVtK4qY7oFhDWQsEHdespQ6rS6mdBwFDlyxDOpDLpN
+DzLbFdURMplPXsaB0cJSX29j/RW+OVEdgS6YzrjFwaAaWS33wQSF0HXuFc1XpgZO
+n1yVd17FFSgQ7dcpTyAahe2ZTSCTx0mqavVp3evGQkYVzwIDAQABo4ICijCCAoYw
 DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
-BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQT7jKKYb9ui7yr3wc32wHgdF/rnjAfBgNV
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTrKY9/iRbSYpLy5mlHzROpnbO5/zAfBgNV
 HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
 KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
-KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMC8G
-A1UdEQQoMCaCCGJpdXJvLmx2ggxkZXYuYml1cm8ubHaCDHd3dy5iaXVyby5sdjCB
-/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYB
-BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCB
-ngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkg
-UmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg
-Q2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQu
-b3JnL3JlcG9zaXRvcnkvMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA4mlLribo
-6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x2/4AAAFmVyQxCQAABAMASDBGAiEAmByX
-fJ01jynuMywPwnRZ1hESIHoAIWsTrt/CwNKlGzsCIQDAghvGQAzbTU1Q332RhnKz
-0cUeMwy8wa8o5Cbm4TiN+wB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVF
-R/R4AAABZlckMRgAAAQDAEcwRQIhAKX5h+RwQMqqEbG2o0A2gLPmJeWxG7XHwtPY
-QOwLZ5EhAiAurLB5TZlS7dMbOvICDc8rVtBYSoSipyGPkHSYG9/WODANBgkqhkiG
-9w0BAQsFAAOCAQEABWWYPmE6boetZOR7GfpcKRLwlynr5wYUTU3cFlEftZ8LyHBE
-mxVlqVOooCZGFgYXpVufOuUikH+UgFe0ihn79BDm5Miflc+oxev5+8bSbRAmCCpO
-s+6q3PoulEXNGAJ0NUIzebFGVdSTIJ3uCbEzeX3j/7ECglBbKxexLoEgSqraptMJ
-MoTRjWFC+o3L09PzPO/y0nub+x7IR+1w//c8FdheYSV7kyA0p28228vr2POdCGiR
-aARruPALo2IR0XnHqkiYKp0bikgIeiJjmnDaAnZyMIHkPXHLzZncHkcdzmT1SPCw
-bHd+bNDqHLPWXCLWspr2o+2i3+JX55le+TMT2Q==
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMEEG
+A1UdEQQ6MDiCCGJpdXJvLmx2ggxkZXYuYml1cm8ubHaCEHN0YWdpbmcuYml1cm8u
+bHaCDHd3dy5iaXVyby5sdjBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLf
+EwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCC
+AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLc
+pMMM9OVFR/R4AAABZ6twN/sAAAQDAEYwRAIgVzEdMqfXOhCn3vWES4VYObl3a0TA
+K+B/mbx+czCLf/cCIDWkkCOP/LhYZs0alYH4b+x2ojB2pI3OLuqT3/9oMXA1AHYA
+dH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFnq3A6WQAABAMARzBF
+AiB+dUrdUY159aooUmcvvYcvTghM68oV09gMEd5QdCJ+GwIhAOngDvKIFhOdcYVU
+QTOPy2F0ZK27cnRvNkjgM1o9ysRNMA0GCSqGSIb3DQEBCwUAA4IBAQCJkVuGlpBX
+4vFHJtWk7W3Qm7lU6zVYvBgFtjqoLUAhzHuw/orAHOhiCESiyrQfQWRv8wHyz5GR
+eboOyAbDYVxed8TN2AcmaMxtrQgfaDP4ZUqvqh7cmfrotYX61Zi1PuBqyaI6zwio
+Y5xJgN/w6CvVljtQms6RLTB4axGOK1Ef+V2onoTxFgHvP0TBaeYpPbh2R8zvATXL
+oy5VzRxYZylLmQLZgXNQy2hjvkwmsSnahKhZn1iUAKDCwYbSstyBn2f15LrJdvOc
+e+M/nbV7M/fEAOf+Y8oy1Bokt0Kww8wUGtFs8jmd4KZTsPsQfgY3tDpy+vLRSnHk
+5Ql1KxbEETDZ
 -----END CERTIFICATE-----

certs/biuro.lv/privkey.pem

 -----BEGIN PRIVATE KEY-----
-MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDDPx80S8O32LHh
-RIdUFljmtGRoFBavnqn6NRA0uzH9Xf7sRJ3O+55WXSSsVu8ADoXWQ0AAyUeYRGxO
-TUyB9M0Gh0/3utFloDtpS3Rd3F+b9xZ6vrs7IRfo2zq+NPDeTN+ROaZ3Gar0ivTP
-W2MTVXhv+dAZgnXr0zkWiDQKlbga0FgzR/HNfe/2kNSeKrHftLmSQDE0X8VKrQgZ
-qRal31jEtUz95ah28dv7542DMr61NY3CiJn8jMUtGE467wK9L7vWnUfz5mlKO5y7
-FA1pNrYYzhaVnmN9kZkg1eExsh5sBboYl5fWessaZsRYY7FHPPPlO/3tmnK2Rahs
-wecrNG4xAgMBAAECgf8/mYPBuNEAMcm6ydkcExKgmjoOU6chjLI4/pnv+UOM7pDU
-MstfO89Z7e+wYxDq67xDZuGFpaLVGQdlXHBq7q1M45Zy7BVU4Kvphzj6KHEhxLFx
-7SfavmYa+Y9cowYvIvzxFTp0l58qfQVNDw7D+cXNZuaSiQEu04+wjD7ytPkDqZb8
-8dy7H0IzKf67a7fvb/cLQ7KIOAfTSnDQEoaebNRZ0OxcgLBK1X5Cr2gb3T5tPBYy
-rxrbqHxfcen33Ik9WuZ095WZ1hRsaC7EYX9ddrnUZ+YGRbKwI+qgFs8IdsolasFQ
-qYQqVQRW/CFl0+93kgLQZ2R5ENivPUPE1Z8hgvUCgYEA369OoDGLIhJQup5o9AqJ
-M74yPY9KIGg/agPB83irlsaFIhQdiJ+mmTXfP4xS6RVYSDBC1DI9Bl6pGV6/cqFS
-Q2/JKqKdEnB/sxpsOWG9ldHn8dIYDEMHCIFQg+GiwRzWFP63cNSGkSDjewNenh0t
-jVf9HAbmON6cIsqTUDexUyUCgYEA33QQVywYRWVqYn1rIbXfnFfoDyNsRdQFqWQ2
-Qe/InKwZQXWsfbMKrUBibW3798B6E+wT29X9+oOwIKDg323Xe3eyCGT0kkQj5zcp
-GTQVO2R0qXWeuTMI/Qq2FNzNb9Zi+ySAYOk/2uQ/vlVCbuoJbrchFZ42g1FDUEXZ
-Gmv4Bx0CgYBY1FubDlG8hB1/Hu17DLwTylJVVBQR7pRQW5GoSKGLzOaN9AMOgKg+
-a8BukiFS4uEeOdwwPIszfmAU7SWGNj5e/YOb5NwPuJFd5P5Zg1EwsB02UUKvi+a9
-H+2DkhV6LyNtTwI2Uo/mDnOIJHxsuhWe7fRcLvk6WF0VC/GYh6Vp6QKBgQCoAAId
-GCjzW+ldPUBjqvMA/9KYNyC7a0oKbi6g6l/g8z9VyNwz8X2wfnzCG3PadJsUCWVw
-3fXC+GleTrZjJZlh2b8/sm9y3MpFl2JN8auY6NERaz43rZgvb3MwQkYutHfcrDfd
-JOD+eKc4Oa/l5g3LcOHt9/KyTlGWs70jsVNcPQKBgCyeV+b27zcITG6r8CosigIU
-YkPhIsyYxXbVmnp2Tn/kamuoQzgX6n9/FqtncaWKvFJD2ZpQsKext97dXVZkgRua
-wpmTiNjCGsglHbriPB9TQ2RmLQwkbpVoN6JegLgpoSUTJ2XlKiDOjb6+BPtOK0HU
-h5kyqRSow2Pu+wKJxIm/
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYjXllw5OLY2bc
+vPUkdFP2PvjKl7hBhicbhrDPRiA5Tti8tkESI1cBgd5KsgnolWGqDO4UKE98neao
+Ti50Iw/muoJPuoDvgZgbiyKyJ6+Lqy04HtJKFyx3tpMpca6PZGypCeFAQOmgdX7s
+Ql6WorfBQNbP84gsa1Giq4sl63dZc5MGww8eQbeP9oM1BK3TkJW0ripjugWENZCw
+Qd16ylDqtLqZ0HAUOXLEM6kMuk0PMtsV1REymU9exoHRwlJfb2P9Fb45UR2BLpjO
+uMXBoBpZLffBBIXQde4VzVemBk6fXJV3XsUVKBDt1ylPIBqF7ZlNIJPHSapq9Wnd
+68ZCRhXPAgMBAAECggEAAdYQxCxOo4AJS2viKX5Vn7enUqJGifyy43kYug32h6oO
+ysqzeCPrwVgOVGjV3LJQ8B/it7m6fIisBOeYAIwxffijETxF9Aa5Is+8awI2RzXt
+apOtuqLnxUhxzK8SclBmTGyS2lf4V+xCIFbg1kBUJOPXvL4KLBAIoK7JkyXFPygz
+tarVV4S7D5T07prFa+qY+dkfw9fPdB0WW/26qWCYSOuAT8e3+YpvBMq2yFRDvEgT
+M314oOzQiKDXu0ykkjkmtWAbO4guaS26Q5svMAENwsKIkZJ6iWo4zcyGaGYyXkhr
+LvPsX9KbhbtjrBo9QTS3WmqVkNZAcm+ZF3bK+0Yq9QKBgQDOTeXsRI5Ya7pEbPrm
+DG0Bx8g9w0Arflkzod/INND0s2iPTSeDQVwyMSgrZ4D5YxTgiHgvq9rbFpdj4H5A
+6sL55QiemX+Y3ajRyy6HnW9awVFa5t7LuAixBDBe9BwFDYlxwz6Z03yEZgOtHuO/
+0WdnIDseRmy8Xz8YQenaUW12OwKBgQC9TOO7X5mLt5DxakqR2FU2NTxf9C4j0vNO
+Q71VqHCShBBvQFFhra5keE3HaGnStff100wTNoym+zPQY0VM1YcPwgCzyAi07lX7
+XwUk7dyOG9mV1yg71W9+SuTlWx+jy6kD/tdQY7KTnTg6hyFbQ4sLdY6nLpmNRmIl
+/nxXVqVhfQKBgQC9PuwJPiItrjSiDC5j1UYxeeiP74nv2+lL2dQEPZ7ouaLSwX3b
+g5tlV353wmynWGKQTd+iK02J6EFbl1V5i2DsB1NO2ZQY0EzKlk3KjXrWj7tnXZ1G
+1zzx1NviXp9Na0uHlgjY5w20DjiVGF7nWNo32XMhpIyeh+jDAcPZRxTYfQKBgE5r
+JMgBUW1UrQGlQ6DpWltrcEhbsiV7BPm+DBgJACFh/iDoJw5s0ZqjT600runwIfk+
+//vRlDC0TYGdLh8nMZ0wg/P2AM1bEllgwpPKyZxBI0D0caFfyKEry2jL9+51tt2F
+25JcyqRl894jDoltEJO9rkvJfSjOKGiO5NmVdktNAoGBAI7xH+xY9gv4FPwUN9+r
+EqrvO0RfoQVxJqL56caKBm7QbRrq54zSFhjre4CVoquBghlwQ7Jck75o3F+oEsPK
++9bH6BRFvJWRaiHFxP6d3ZGwY+ZI1hnMF+00RsmSCPUwJjqXbyuIO2WiALsa1KJu
+LswlHkO3Gj4ljmxnbUC8gb2T
 -----END PRIVATE KEY-----

docker-compose.yml

 version: '3.6'
 
 services:
-    nginx:
-        image: ${IMAGE_NGINX}
-        container_name: "${PROJECT}-nginx"
-        networks:
-            - front
-        ports:
-            - '80:80'
-            - '443:443'
-        volumes:
-            - ./nginx:/etc/nginx/conf.d
-            - ./logs/nginx:/var/log/nginx
-            - ./certs:/etc/letsencrypt
-            - ./certs-data:/data/letsencrypt
-            - ./wordpress:/var/www/html
-        links:
-            - wordpress
-        restart: always
-
     mysql:
         image: ${IMAGE_MYSQL}
         container_name: "${PROJECT}-mysql"
@@ -42,6 +24,7 @@ services:
             - "front"
             - "back"
         volumes:
+            - ./nginx/php.ini:/usr/local/etc/php/conf.d/php.ini
             - ./wordpress:/var/www/html
         environment:
             - WORDPRESS_DB_NAME=${DB_NAME}
@@ -65,8 +48,54 @@ services:
             - mysql
         restart: always
 
+    nginx:
+        image: ${IMAGE_NGINX}
+        container_name: "${PROJECT}-nginx"
+        networks:
+            - front
+        ports:
+            - '80:80'
+            - '443:443'
+        volumes:
+            - ./nginx/conf.d:/etc/nginx/conf.d
+            - ./nginx/h5bp:/etc/nginx/h5bp
+            - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+            - ./nginx/redirects:/etc/nginx/redirects
+            - ./nginx/cache:/var/cache/nginx
+
+            - ./logs/nginx:/var/log/nginx
+            - ./certs:/etc/letsencrypt
+            - ./certs-data:/data/letsencrypt
+
+            - ./wordpress:/var/www/html
+        links:
+            - wordpress
+        restart: always
+
+    wordpress-cli:
+        image: ${IMAGE_WORDPRESS_CLI}
+        user: "${UID}:${GID}"
+        container_name: "${PROJECT}-wordpress-cli"
+        links:
+            - wordpress
+            - mysql
+        networks:
+            - "back"
+        volumes:
+            - './var/wp-cli/cache:/etc/X11/fs/.wp-cli/cache'
+
+            - ./wordpress:/var/www/html
+
+            - './wp-init.sh:/usr/local/bin/wp-init.sh'
+        command:
+            - wp-init.sh
+
 networks:
     front:
         name: "${PROJECT}-front"
     back:
         name: "${PROJECT}-back"
+
+volumes:
+        wordpress: { }
+        wp-content: { }

nginx/conf.d/server-shared.conf

+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/content-security-policy.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/strict-transport-security.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-frame-options.conf;
+include h5bp/security/x-xss-protection.conf;
+include h5bp/location/security_file_access.conf;
+include h5bp/location/web_performance_cache_expiration.conf;
+include h5bp/web_performance/no-transform.conf;
+include h5bp/cross-origin/requests.conf;
+
+root /var/www/html;
+index index.php;
+
+location / {
+    try_files $uri $uri/ /index.php?$args;
+}
+
+location ~ \.php$ {
+    try_files $uri =404;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass wordpress:9000;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+}

nginx/conf.d/staging-biuro.conf

+server {
+    listen      80;
+    listen [::]:80;
+    server_name staging.biuro.lt staging.biuro.lv staging.biuro.ee;
+
+    location ^~ /.well-known {
+        allow all;
+        default_type "text/plain";
+        root  /data/letsencrypt/;
+    }
+
+    location / {
+        rewrite ^ https://$host$request_uri? permanent;
+    }
+}
+
+server {
+    listen      443          ssl http2;
+    listen [::]:443         ssl http2;
+    server_name         staging.biuro.lt;
+
+    include /etc/nginx/conf.d/server-shared.conf;
+
+    ssl_certificate           /etc/letsencrypt/biuro.lt/certificate.pem;
+    ssl_certificate_key       /etc/letsencrypt/biuro.lt/privkey.pem;
+    ssl_trusted_certificate   /etc/letsencrypt/biuro.lt/ca-bundle.pem;
+
+    # 301 redirects
+    include redirects/biuro.lt.conf;
+}
+
+server {
+    listen      443         ssl http2;
+    listen [::]:443         ssl http2;
+    server_name        staging.biuro.lv;
+
+    include /etc/nginx/conf.d/server-shared.conf;
+
+    ssl_certificate           /etc/letsencrypt/biuro.lv/certificate.pem;
+    ssl_certificate_key       /etc/letsencrypt/biuro.lv/privkey.pem;
+    ssl_trusted_certificate   /etc/letsencrypt/biuro.lv/ca-bundle.pem;
+
+    # 301 redirects
+    include redirects/biuro.lv.conf;
+}
+
+
+server {
+    listen      443         ssl http2;
+    listen [::]:443         ssl http2;
+    server_name        staging.biuro.ee;
+
+    include /etc/nginx/conf.d/server-shared.conf;
+
+    ssl_certificate           /etc/letsencrypt/biuro.ee/certificate.pem;
+    ssl_certificate_key       /etc/letsencrypt/biuro.ee/privkey.pem;
+    ssl_trusted_certificate   /etc/letsencrypt/biuro.ee/ca-bundle.pem;
+
+    # 301 redirects
+    include         redirects/biuro.ee.conf;
+}

nginx/h5bp/basic.conf

+# Nginx Server Configs | MIT License
+# https://github.com/h5bp/server-configs-nginx
+
+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/content-security-policy.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-frame-options.conf;
+include h5bp/security/x-xss-protection.conf;
+include h5bp/location/security_file_access.conf;
+include h5bp/web_performance/no-transform.conf;
+include h5bp/cross-origin/requests.conf;

nginx/h5bp/cross-origin/requests.conf

+# ----------------------------------------------------------------------
+# | Cross-origin requests                                              |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin requests.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+# https://enable-cors.org/
+# https://www.w3.org/TR/cors/
+
+# (!) Do not use this without understanding the consequences.
+#     This will permit access from any other website.
+#
+# Instead of using this file, consider using a specific rule such as:
+#
+# Allow access based on [sub]domain:
+#    add_header Access-Control-Allow-Origin "subdomain.example.com";
+
+add_header Access-Control-Allow-Origin $cors;

nginx/h5bp/cross-origin/resource_timing.conf

+# ----------------------------------------------------------------------
+# | Cross-origin resource timing                                       |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin access to the timing information for all resources.
+#
+# If a resource isn't served with a `Timing-Allow-Origin` header that
+# would allow its timing information to be shared with the document,
+# some of the attributes of the `PerformanceResourceTiming` object will
+# be set to zero.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin
+# https://www.w3.org/TR/resource-timing/
+# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
+
+add_header Timing-Allow-Origin "*";

nginx/h5bp/errors/custom_errors.conf

+# ----------------------------------------------------------------------
+# | Custom error messages/pages                                        |
+# ----------------------------------------------------------------------
+
+# Customize what Nginx returns to the client in case of an error.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page
+
+error_page 404 /404.html;

nginx/h5bp/internet_explorer/x-ua-compatible.conf

+# ----------------------------------------------------------------------
+# | Document modes                                                     |
+# ----------------------------------------------------------------------
+
+# Force Internet Explorer 8/9/10 to render pages in the highest mode
+# available in the various cases when it may not.
+#
+# https://hsivonen.fi/doctype/#ie8
+#
+# (!) Starting with Internet Explorer 11, document modes are deprecated.
+# If your business still relies on older web apps and services that were
+# designed for older versions of Internet Explorer, you might want to
+# consider enabling `Enterprise Mode` throughout your company.
+#
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
+# https://msdn.microsoft.com/en-us/library/ff955275.aspx
+
+add_header X-UA-Compatible $x_ua_compatible;

nginx/h5bp/location/security_file_access.conf

+# ----------------------------------------------------------------------
+# | File access                                                        |
+# ----------------------------------------------------------------------
+
+# Block access to all hidden files and directories with the exception of
+# the visible content from within the `/.well-known/` hidden directory.
+#
+# These types of files usually contain user preferences or the preserved
+# state of an utility, and can include rather private places like, for
+# example, the `.git` or `.svn` directories.
+#
+# The `/.well-known/` directory represents the standard (RFC 5785) path
+# prefix for "well-known locations" (e.g.: `/.well-known/manifest.json`,
+# `/.well-known/keybase.txt`), and therefore, access to its visible
+# content should not be blocked.
+#
+# https://www.mnot.net/blog/2010/04/07/well-known
+# https://tools.ietf.org/html/rfc5785
+
+location ~* /\.(?!well-known\/) {
+  deny all;
+}
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Block access to files that can expose sensitive information.
+#
+# By default, block access to backup and source files that may be
+# left by some text editors and can pose a security risk when anyone
+# has access to them.
+#
+# https://feross.org/cmsploit/
+#
+# (!) Update the `location` regular expression from below to
+# include any files that might end up on your production server and
+# can expose sensitive information about your website. These files may
+# include: configuration files, files that contain metadata about the
+# project (e.g.: project dependencies), build scripts, etc..
+
+location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
+  deny all;
+}

nginx/h5bp/location/web_performance_cache_expiration.conf

+# ----------------------------------------------------------------------
+# | Cache expiration                                                   |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expiration date.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
+# https://nginx.org/en/docs/http/ngx_http_headers_module.html#expires
+
+# No default expire rule. This config mirrors that of apache as outlined in the
+# html5-boilerplate .htaccess file. However, nginx applies rules by location,
+# the apache rules are defined by type. A consequence of this difference is that
+# if you use no file extension in the url and serve html, with apache you get an
+# expire time of 0s, with nginx you'd get an expire header of one month in the
+# future (if the default expire rule is 1 month). Therefore, do not use a
+# default expire rule with nginx unless your site is completely static
+
+# Documents
+location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+  expires 0;
+}
+
+# Feeds
+location ~* \.(?:rss|atom)$ {
+  expires 1h;
+}
+
+# Media files
+location ~* \.(?:webp|jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
+  access_log off;
+  expires 1M;
+}
+
+# Media: svgz files are already compressed.
+location ~* \.svgz$ {
+  access_log off;
+  gzip off;
+  expires 1M;
+}
+
+# CSS and JavaScript
+location ~* \.(?:css|js)$ {
+  expires 1y;
+  access_log off;
+}
+
+# Web fonts
+# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
+location ~* \.(?:eot|otf|tt[cf]|woff2?)$ {
+  expires 1M;
+  access_log off;
+}

nginx/h5bp/location/web_performance_filename-based_cache_busting.conf

+# ----------------------------------------------------------------------
+# | Filename-based cache busting                                       |
+# ----------------------------------------------------------------------
+
+# If you're not using a build process to manage your filename version
+# revving, you might want to consider enabling the following directives
+#
+# To understand why this is important and even a better solution than
+# using something like `*.css?v231`, please see:
+# https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
+
+location ~* (.+)\.(?:\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ {
+  try_files $uri $1.$2;
+}

nginx/h5bp/media_types/character_encodings.conf

+# ----------------------------------------------------------------------
+# | Character encodings                                                |
+# ----------------------------------------------------------------------
+
+# Serve all resources labeled as `text/html` or `text/plain`
+# with the media type `charset` parameter set to `UTF-8`.
+#
+# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
+
+charset utf-8;
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Update charset_types to match updated mime.types.
+# text/html is always included by charset module.
+# Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml
+#
+# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types
+
+charset_types
+    text/css
+    text/plain
+    text/vnd.wap.wml
+    text/javascript
+    text/markdown
+    text/calendar
+    text/x-component
+    text/vcard
+    text/cache-manifest
+    text/vtt
+    application/json
+    application/manifest+json;

nginx/h5bp/media_types/media_types.conf

+# ----------------------------------------------------------------------
+# | Media types                                                        |
+# ----------------------------------------------------------------------
+
+# Serve resources with the proper media types (f.k.a. MIME types).
+#
+# https://www.iana.org/assignments/media-types/media-types.xhtml
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#types
+
+include mime.types;
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Default: text/plain
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
+
+default_type application/octet-stream;

nginx/h5bp/security/content-security-policy.conf

+# ----------------------------------------------------------------------
+# | Content Security Policy (CSP)                                      |
+# ----------------------------------------------------------------------
+
+# Mitigate the risk of cross-site scripting and other content-injection
+# attacks.
+#
+# This can be done by setting a `Content Security Policy` which
+# whitelists trusted sources of content for your website.
+#
+# The example header below allows ONLY scripts that are loaded from
+# the current website's origin (no inline scripts, no CDN, etc).
+# That almost certainly won't work as-is for your website!
+#
+# To make things easier, you can use an online CSP header generator
+# such as: https://www.cspisawesome.com/.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# https://www.w3.org/TR/CSP3/
+# https://content-security-policy.com/
+# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
+
+add_header Content-Security-Policy $content_security_policy always;

nginx/h5bp/security/referrer-policy.conf

+# ----------------------------------------------------------------------
+# | Referrer Policy                                                    |
+# ----------------------------------------------------------------------
+
+# A web application uses HTTPS and a URL-based session identifier.
+# The web application might wish to link to HTTPS resources on other
+# web sites without leaking the user's session identifier in the URL.
+#
+# This can be done by setting a `Referrer Policy` which
+# whitelists trusted sources of content for your website.
+#
+# To check your referrer policy, you can use an online service
+# such as: https://securityheaders.io/.
+#
+# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+
+add_header Referrer-Policy $referrer_policy always;

nginx/h5bp/security/server_software_information.conf

+# ----------------------------------------------------------------------
+# | Server software information                                        |
+# ----------------------------------------------------------------------
+
+# Prevent Nginx from sending in the `Server` response header its
+# exact version number.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
+
+server_tokens off;

nginx/h5bp/security/strict-transport-security.conf

+# ----------------------------------------------------------------------
+# | HTTP Strict Transport Security (HSTS)                              |
+# ----------------------------------------------------------------------
+
+# Force client-side SSL redirection.
+#
+# If a user types `example.com` in their browser, even if the server
+# redirects them to the secure version of the website, that still leaves
+# a window of opportunity (the initial HTTP connection) for an attacker
+# to downgrade or redirect the request.
+#
+# The following header ensures that browser will ONLY connect to your
+# server via HTTPS, regardless of what the users type in the browser's
+# address bar.
+#
+# (!) Be aware that this, once published, is not revokable and you must ensure
+# being able to serve the site via SSL for the duration you've specified
+# in max-age. When you don't have a valid SSL connection (anymore) your
+# visitors will see a nasty error message even when attempting to connect
+# via simple HTTP.
+#
+# (!) Remove the `includeSubDomains` optional directive if the website's
+# subdomains are not using HTTPS.
+#
+# (1) If you want to submit your site for HSTS preload (2) you must
+#     * ensure the `includeSubDomains` directive to be present
+#     * the `preload` directive to be specified
+#     * the `max-age` to be at least 31536000 seconds (1 year) according to the current status.
+#
+#     It is also advised (3) to only serve the HSTS header via a secure connection.
+#
+# (2) https://hstspreload.org/
+# (3) https://tools.ietf.org/html/rfc6797#section-7.2
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# https://tools.ietf.org/html/rfc6797#section-6.1
+# https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
+# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
+
+add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always;
+# (1) or if HSTS preloading is desired (respect (2) for current requirements):
+# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

nginx/h5bp/security/x-content-type-options.conf

+# ----------------------------------------------------------------------
+# | Reducing MIME type security risks                                  |
+# ----------------------------------------------------------------------
+
+# Prevent some browsers from MIME-sniffing the response.
+#
+# This reduces exposure to drive-by download attacks and cross-origin
+# data leaks, and should be left uncommented, especially if the server
+# is serving user-uploaded content or content that could potentially be
+# treated as executable by the browser.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
+# https://mimesniff.spec.whatwg.org/
+
+add_header X-Content-Type-Options nosniff always;

nginx/h5bp/security/x-frame-options.conf

+# ----------------------------------------------------------------------
+# | Clickjacking                                                       |
+# ----------------------------------------------------------------------
+
+# Protect website against clickjacking.
+#
+# The example below sends the `X-Frame-Options` response header with
+# the value `DENY`, informing browsers not to display the content of
+# the web page in any frame.
+#
+# This might not be the best setting for everyone. You should read
+# about the other two possible values the `X-Frame-Options` header
+# field can have: `SAMEORIGIN` and `ALLOW-FROM`.
+# https://tools.ietf.org/html/rfc7034#section-2.1.
+#
+# Keep in mind that while you could send the `X-Frame-Options` header
+# for all of your website’s pages, this has the potential downside that
+# it forbids even non-malicious framing of your content (e.g.: when
+# users visit your website using a Google Image Search results page).
+#
+# Nonetheless, you should ensure that you send the `X-Frame-Options`
+# header for all pages that allow a user to make a state changing
+# operation (e.g: pages that contain one-click purchase links, checkout
+# or bank-transfer confirmation pages, pages that make permanent
+# configuration changes, etc.).
+#
+# Sending the `X-Frame-Options` header can also protect your website
+# against more than just clickjacking attacks:
+# https://cure53.de/xfo-clickjacking.pdf.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+# https://tools.ietf.org/html/rfc7034
+# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
+# https://www.owasp.org/index.php/Clickjacking
+
+add_header X-Frame-Options $x_frame_options always;

nginx/h5bp/security/x-xss-protection.conf

+# ----------------------------------------------------------------------
+# | Reflected Cross-Site Scripting (XSS) attacks                       |
+# ----------------------------------------------------------------------
+
+# (1) Try to re-enable the cross-site scripting (XSS) filter built
+#     into most web browsers.
+#
+#     The filter is usually enabled by default, but in some cases it
+#     may be disabled by the user. However, in Internet Explorer for
+#     example, it can be re-enabled just by sending the
+#     `X-XSS-Protection` header with the value of `1`.
+#
+# (2) Prevent web browsers from rendering the web page if a potential
+#     reflected (a.k.a non-persistent) XSS attack is detected by the
+#     filter.
+#
+#     By default, if the filter is enabled and browsers detect a
+#     reflected XSS attack, they will attempt to block the attack
+#     by making the smallest possible modifications to the returned
+#     web page.
+#
+#     Unfortunately, in some browsers (e.g.: Internet Explorer),
+#     this default behavior may allow the XSS filter to be exploited,
+#     thereby, it's better to inform browsers to prevent the rendering
+#     of the page altogether, instead of attempting to modify it.
+#
+#     https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
+#
+# (!) Do not rely on the XSS filter to prevent XSS attacks! Ensure that
+#     you are taking all possible measures to prevent XSS attacks, the
+#     most obvious being: validating and sanitizing your website's inputs.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
+# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
+# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
+
+add_header X-XSS-Protection $x_xss_protection always;

nginx/h5bp/ssl/certificate_files.conf

+# ----------------------------------------------------------------------
+# | Certificate files                                                  |
+# ----------------------------------------------------------------------
+
+# This default SSL certificate will be served whenever the client lacks
+# support for SNI (Server Name Indication).
+# Make it a symlink to the most important certificate you have, so that
+# users of IE 8 and below on WinXP can see your main site without SSL errors.
+#
+# (1) Certificate and key files location
+#     The certificate file can contain intermediate certificate.
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
+#
+# (2) Intermediate certificate location if loaded certificate (1) does not
+#     contain intermediate certificate when enabling OCSP stanpling.
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
+#
+# (3) CA certificate file location for client certificate authentication
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate
+
+# (1)
+ssl_certificate /etc/nginx/certs/default.crt;
+ssl_certificate_key /etc/nginx/certs/default.key;
+
+# (2)
+# ssl_trusted_certificate /path/to/ca.crt;
+
+# (3)
+# ssl_client_certificate /etc/nginx/default_ssl.crt;

nginx/h5bp/ssl/ocsp_stapling.conf

+# ----------------------------------------------------------------------
+# | Online Certificate Status Protocol stapling                        |
+# ----------------------------------------------------------------------
+
+# OCSP is a lightweight, only one record to help clients verify the
+# validity of the server certificate.
+# OCSP stapling allow the server to send its cached OCSP record during
+# the TLS handshake, whithout the need of 3rd party OCSP responder.
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
+# https://tools.ietf.org/html/rfc6066#section-8
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
+
+ssl_stapling on;
+ssl_stapling_verify on;
+
+resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
+resolver_timeout 2s;

nginx/h5bp/ssl/policy_deprecated.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Deprecated                                            |
+# ----------------------------------------------------------------------
+
+# For services that don't need compatibility with legacy clients
+# (mostly WinXP), but still need to support a wide range of clients,
+# this configuration is recommended.
+#
+# Protect against the BEAST and POODLE attacks by not using SSLv3 at all.
+# If you need to support older browsers (IE6) you may need to add
+# SSLv3 to the list of protocols.
+#
+# Based on intermediate profile recommended by Mozilla.
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+#
+# (1) Diffie-Hellman parameter for DHE cipher suites
+#     A 4096 bits or more DH parameter is recommended.
+#     (!) A DH parameter generation is required to enable this directive.
+#         openssl dhparam -out /etc/nginx/dhparam.pem 4096
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA;
+ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
+
+# (1)
+# ssl_dhparam /etc/nginx/dhparam.pem;

nginx/h5bp/ssl/policy_intermediate.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Intermediate                                          |
+# ----------------------------------------------------------------------
+
+# For services that don't need backward compatibility, the parameters
+# below provide a higher level of security.
+#
+# (!) This policy enfore a strong SSL configuration, which may raise
+#     errors with old clients.
+#     If a more compatible profile is required, use intermediate policy.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known
+#     to be weak and potentially vulnerable but are required to support
+#     Microsoft Edge and Safari.
+#     https://safecurves.cr.yp.to/
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1.2;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
+
+# (1)
+ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;

nginx/h5bp/ssl/policy_modern.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Modern                                                |
+# ----------------------------------------------------------------------
+
+# For services that want to be on the bleeding edge, the parameters
+# below sacrifice compatibility for the highest level of security & performance
+#
+# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+#     to be installed.
+#
+# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
+#     subject to replay attacks.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
+#     and potentially vulnerable.
+#
+#     Add them back to the parameter `ssl_ecdh_curve` below to support
+#     Microsoft Edge and Safari.
+#
+#     https://safecurves.cr.yp.to/
+#
+# (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions.
+#
+# (!) Requests sent within early data are subject to replay attacks.
+#     To protect against such attacks at the application layer, the
+#     $ssl_early_data variable should be used:
+#       proxy_set_header Early-Data $ssl_early_data;
+#
+#     The application should return response code 425 for anything that
+#     could contain user supplied data.
+#
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425
+#
+# https://github.com/certbot/certbot/issues/6367
+# https://github.com/mozilla/server-side-tls/issues/217
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
+
+# (1)
+ssl_ecdh_curve X25519;
+
+# (2)
+#ssl_early_data on;

nginx/h5bp/ssl/ssl_engine.conf

+# ----------------------------------------------------------------------
+# | SSL engine                                                         |
+# ----------------------------------------------------------------------
+
+# (1) Optimize SSL by caching session parameters for 10 minutes.
+#     This cuts down on the number of expensive SSL handshakes.
+#     By enabling a cache, we tell the client to re-use the already
+#     negotiated state.
+#     A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
+#
+# (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
+#     (!) Shouldn't be done unless you serve primarily HTTPS.
+#     Default is 75s
+#
+# (3) SSL buffer size
+#     Set 1400 bytes to fit in one MTU
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
+#
+# (4) Disable session tickets
+#     Session tickets keys are not auto-rotated. Only a HUP / restart
+#     will do so and when a restart is performed the previous key is
+#     lost, which resets all previous sessions.
+#     Only enable session tickets if you setup a manual rotation mechanism.
+#     https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
+#
+# (5) Basic security improvements
+
+# (1)
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 24h;
+
+# (2)
+keepalive_timeout 300s;
+
+# (3)
+# ssl_buffer_size 1400;
+
+# (4)
+ssl_session_tickets off;
+
+# (5)
+ssl_prefer_server_ciphers on;

nginx/h5bp/web_performance/cache-file-descriptors.conf

+# ----------------------------------------------------------------------
+# | Cache file-descriptors                                             |
+# ----------------------------------------------------------------------
+
+# This tells nginx to cache open file handles, "not found" errors and
+# metadata about files and their permissions.
+#
+# Based on these cached metadata, nginx can immediately begin sending
+# data when a popular file is requested, and will also know to
+# immediately send a 404 if a file is missing on disk, and so on.
+#
+# (!) It also means that the server won't react immediately to changes
+#     on disk, which may be undesirable.
+#     As only metadata are cached, edited files may be troncated until
+#     the cache is refreshed.
+#     https://github.com/h5bp/server-configs-nginx/issues/203
+#
+# In the below configuration, inactive files are released from the cache
+# after 20 seconds, whereas active (recently requested) files are
+# re-validated every 30 seconds.
+# Descriptors will not be cached unless they are used at least 2 times
+# within 20 seconds (the inactive time).
+# A maximum of the 1000 most recently used file descriptors can be
+# cached at any time.
+#
+# Production servers with stable file collections will definitely want
+# to enable the cache.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache
+
+open_file_cache max=1000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;

nginx/h5bp/web_performance/cache_expiration.conf

+# ----------------------------------------------------------------------
+# | Cache expiration                                                   |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expiration date.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
+# https://nginx.org/en/docs/http/ngx_http_headers_module.html#expires
+
+map $sent_http_content_type $expires {
+  default                               1M;
+
+  # CSS
+  text/css                              1y;
+
+  # Data interchange
+  application/atom+xml                  1h;
+  application/rdf+xml                   1h;
+  application/rss+xml                   1h;
+
+  application/json                      0;
+  application/ld+json                   0;
+  application/schema+json               0;
+  application/geo+json                  0;
+  application/xml                       0;
+  text/calendar                         0;
+  text/xml                              0;
+
+  # Favicon (cannot be renamed!) and cursor images
+  image/vnd.microsoft.icon              1w;
+  image/x-icon                          1w;
+
+  # HTML
+  text/html                             0;
+
+  # JavaScript
+  application/javascript                1y;
+  application/x-javascript              1y;
+  text/javascript                       1y;
+
+  # Manifest files
+  application/manifest+json             1w;
+  application/x-web-app-manifest+json   0;
+  text/cache-manifest                   0;
+
+
+  # Markdown
+  text/markdown                         0;
+
+  # Media files
+  audio/ogg                             1M;
+  image/bmp                             1M;
+  image/gif                             1M;
+  image/jpeg                            1M;
+  image/png                             1M;
+  image/svg+xml                         1M;
+  image/webp                            1M;
+  video/mp4                             1M;
+  video/ogg                             1M;
+  video/webm                            1M;
+
+  # WebAssembly
+  application/wasm                      1y;
+
+  # Web fonts
+  font/collection                       1M;
+  application/vnd.ms-fontobject         1M;
+  font/eot                              1M;
+  font/opentype                         1M;
+  font/otf                              1M;
+  application/x-font-ttf                1M;
+  font/ttf                              1M;
+  application/font-woff                 1M;
+  application/x-font-woff               1M;
+  font/woff                             1M;
+  application/font-woff2                1M;
+  font/woff2                            1M;
+
+  # Other
+  text/x-cross-domain-policy            1w;
+}
+
+expires $expires;

nginx/h5bp/web_performance/compression-brotli.conf

+# ----------------------------------------------------------------------
+# | Compression brotli                                                 |
+# ----------------------------------------------------------------------
+
+   brotli on;
+   brotli_comp_level 6;
+   brotli_types application/eot application/x-otf application/font application/x-perl application/font-sfnt application/x-ttf application/javascript
+               font/eot application/json font/ttf application/opentype font/otf application/otf font/opentype application/pkcs7-mime image/svg+xml
+               application/truetype text/css application/ttf text/csv application/vnd.ms-fontobject application/xhtml+xml text/javascript
+               application/xml text/js application/xml+rss text/plain application/x-font-opentype text/richtext application/x-font-truetype
+               text/tab-separated-values application/x-font-ttf text/xml application/x-httpd-cgi text/x-script application/x-javascript
+               text/x-component application/x-mpegurl text/x-java-source application/x-opentype
+               ;

nginx/h5bp/web_performance/compression.conf

+# ----------------------------------------------------------------------
+# | Compression                                                        |
+# ----------------------------------------------------------------------
+
+# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+
+# Enable gzip compression.
+# Default: off
+gzip on;
+
+# Compression level (1-9).
+# 5 is a perfect compromise between size and CPU usage, offering about
+# 75% reduction for most ASCII files (almost identical to level 9).
+# Default: 1
+gzip_comp_level 5;
+
+# Don't compress anything that's already small and unlikely to shrink much
+# if at all (the default is 20 bytes, which is bad as that usually leads to
+# larger files after gzipping).
+# Default: 20
+gzip_min_length 256;
+
+# Compress data even for clients that are connecting to us via proxies,
+# identified by the "Via" header (required for CloudFront).
+# Default: off
+gzip_proxied any;
+
+# Tell proxies to cache both the gzipped and regular version of a resource
+# whenever the client's Accept-Encoding capabilities header varies;
+# Avoids the issue where a non-gzip capable client (which is extremely rare
+# today) would display gibberish if their proxy gave them the gzipped version.
+# Default: off
+gzip_vary on;
+
+# Compress all output labeled with one of the following MIME-types.
+# text/html is always compressed by gzip module.
+# Default: text/html
+gzip_types
+  application/atom+xml
+  application/javascript
+  application/json
+  application/ld+json
+  application/manifest+json
+  application/rss+xml
+  application/geo+json
+  application/vnd.ms-fontobject
+  application/x-web-app-manifest+json
+  application/xhtml+xml
+  application/xml
+  application/rdf+xml
+  font/otf
+  application/wasm
+  image/bmp
+  image/svg+xml
+  text/cache-manifest
+  text/css
+  text/javascript
+  text/plain
+  text/markdown
+  text/vcard
+  text/calendar
+  text/vnd.rim.location.xloc
+  text/vtt
+  text/x-component
+  text/x-cross-domain-policy;
+
+# This should be turned on if you are going to have pre-compressed copies (.gz) of
+# static files available. If not it should be left off as it will cause extra I/O
+# for the check. It is best if you enable this in a location{} block for
+# a specific directory, or on an individual server{} level.
+# gzip_static on;

nginx/h5bp/web_performance/no-transform.conf

+# ----------------------------------------------------------------------
+# | Content transformation                                             |
+# ----------------------------------------------------------------------
+
+# Prevent intermediate caches or proxies (e.g.: such as the ones
+# used by mobile network providers) from modifying the website's
+# content.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://tools.ietf.org/html/rfc2616#section-14.9.5
+#
+# (!) If you are using `ngx_pagespeed`, please note that setting
+# the `Cache-Control: no-transform` response header will prevent
+# `PageSpeed` from rewriting `HTML` files, and, if the
+# `pagespeed DisableRewriteOnNoTransform off` directive isn't used,
+# also from rewriting other resources.
+#
+# https://developers.google.com/speed/pagespeed/module/configuration#notransform
+
+add_header Cache-Control "no-transform";

nginx/mime.types

+types {
+
+  # Data interchange
+
+    application/atom+xml                  atom;
+    application/json                      json map topojson;
+    application/ld+json                   jsonld;
+    application/rss+xml                   rss;
+    # Normalize to standard type.
+    # https://tools.ietf.org/html/rfc7946#section-12
+    application/geo+json                  geojson;
+    application/xml                       xml;
+    # Normalize to standard type.
+    # https://tools.ietf.org/html/rfc3870#section-2
+    application/rdf+xml                   rdf;
+
+
+  # JavaScript
+
+    # Servers should use text/javascript for JavaScript resources.
+    # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
+    text/javascript                       js mjs;
+    application/wasm                      wasm;
+
+
+  # Manifest files
+
+    application/manifest+json             webmanifest;
+    application/x-web-app-manifest+json   webapp;
+    text/cache-manifest                   appcache;
+
+
+  # Media files
+
+    audio/midi                            mid midi kar;
+    audio/mp4                             aac f4a f4b m4a;
+    audio/mpeg                            mp3;
+    audio/ogg                             oga ogg opus;
+    audio/x-realaudio                     ra;
+    audio/x-wav                           wav;
+    audio/x-matroska                      mka;
+    image/bmp                             bmp;
+    image/gif                             gif;
+    image/jpeg                            jpeg jpg;
+    image/jxr                             jxr hdp wdp;
+    image/png                             png;
+    image/svg+xml                         svg svgz;
+    image/tiff                            tif tiff;
+    image/vnd.wap.wbmp                    wbmp;
+    image/webp                            webp;
+    image/x-jng                           jng;
+    video/3gpp                            3gp 3gpp;
+    video/mp4                             f4p f4v m4v mp4;
+    video/mpeg                            mpeg mpg;
+    video/ogg                             ogv;
+    video/quicktime                       mov;
+    video/webm                            webm;
+    video/x-flv                           flv;
+    video/x-mng                           mng;
+    video/x-ms-asf                        asf asx;
+    video/x-ms-wmv                        wmv;
+    video/x-msvideo                       avi;
+    video/x-matroska                      mkv mk3d;
+
+    # Serving `.ico` image files with a different media type
+    # prevents Internet Explorer from displaying then as images:
+    # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
+
+    image/x-icon                          cur ico;
+
+
+  # Microsoft Office
+
+    application/msword                                                         doc;
+    application/vnd.ms-excel                                                   xls;
+    application/vnd.ms-powerpoint                                              ppt;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;
+
+
+  # Web fonts
+
+    font/woff                             woff;
+    font/woff2                            woff2;
+    application/vnd.ms-fontobject         eot;
+    font/ttf                              ttf;
+    font/collection                       ttc;
+    font/otf                              otf;
+
+
+  # Other
+
+    application/java-archive              ear jar war;
+    application/mac-binhex40              hqx;
+    application/octet-stream              bin deb dll dmg exe img iso msi msm msp safariextz;
+    application/pdf                       pdf;
+    application/postscript                ai eps ps;
+    application/rtf                       rtf;
+    application/vnd.google-earth.kml+xml  kml;
+    application/vnd.google-earth.kmz      kmz;
+    application/vnd.wap.wmlc              wmlc;
+    application/x-7z-compressed           7z;
+    application/x-bb-appworld             bbaw;
+    application/x-bittorrent              torrent;
+    application/x-chrome-extension        crx;
+    application/x-cocoa                   cco;
+    application/x-java-archive-diff       jardiff;
+    application/x-java-jnlp-file          jnlp;
+    application/x-makeself                run;
+    application/x-opera-extension         oex;
+    application/x-perl                    pl pm;
+    application/x-pilot                   pdb prc;
+    application/x-rar-compressed          rar;
+    application/x-redhat-package-manager  rpm;
+    application/x-sea                     sea;
+    application/x-shockwave-flash         swf;
+    application/x-stuffit                 sit;
+    application/x-tcl                     tcl tk;
+    application/x-x509-ca-cert            crt der pem;
+    application/x-xpinstall               xpi;
+    application/xhtml+xml                 xhtml;
+    application/xslt+xml                  xsl;
+    application/zip                       zip;
+    text/css                              css;
+    text/csv                              csv;
+    text/html                             htm html shtml;
+    text/markdown                         md markdown;
+    text/mathml                           mml;
+    text/plain                            txt;
+    text/vcard                            vcard vcf;
+    text/calendar                         ics;
+    text/vnd.rim.location.xloc            xloc;
+    text/vnd.sun.j2me.app-descriptor      jad;
+    text/vnd.wap.wml                      wml;
+    text/vtt                              vtt;
+    text/x-component                      htc;
+
+}

nginx/nginx.conf

+# Configuration File - Nginx Server Configs
+# https://nginx.org/en/docs/
+
+# Run as a unique, less privileged user for security reasons.
+# Default: nobody nobody
+# https://nginx.org/en/docs/ngx_core_module.html#user
+# https://en.wikipedia.org/wiki/Principle_of_least_privilege
+user nginx;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+# Default: 1
+# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+# Default: no limit
+# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile
+worker_rlimit_nofile 8192;
+
+# Provides the configuration file context in which the directives
+# that affect connection processing are specified.
+# https://nginx.org/en/docs/ngx_core_module.html#events
+events {
+
+  # If you need more connections than this, you start optimizing your OS.
+  # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
+  # Should be < worker_rlimit_nofile.
+  # Default: 512
+  # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
+  worker_connections 8000;
+
+}
+
+# Log errors and warnings to this file
+# This is only used when you don't override it on a server{} level
+# Default: logs/error.log error
+# https://nginx.org/en/docs/ngx_core_module.html#error_log
+error_log /var/log/nginx/error.log warn;
+
+# The file storing the process ID of the main process
+# Default: logs/nginx.pid
+# https://nginx.org/en/docs/ngx_core_module.html#pid
+pid /var/run/nginx.pid;
+
+http {
+
+  # Hide nginx version information.
+  include h5bp/security/server_software_information.conf;
+
+  # Specify MIME types for files.
+  include h5bp/media_types/media_types.conf;
+
+  # Set character encodings.
+  include h5bp/media_types/character_encodings.conf;
+
+  # Include $http_x_forwarded_for within default format used in log files
+  # https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # Log access to this file
+  # This is only used when you don't override it on a server{} level
+  # Default: logs/access.log combined
+  # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
+  access_log /var/log/nginx/access.log main;
+
+  # How long to allow each connection to stay idle.
+  # Longer values are better for each individual client, particularly for SSL,
+  # but means that worker connections are tied up longer.
+  # Default: 75s
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
+  # keepalive_timeout 20s;
+
+  # Speed up file transfers by using sendfile() to copy directly
+  # between descriptors rather than using read()/write().
+  # For performance reasons, on FreeBSD systems w/ ZFS
+  # this option should be disabled as ZFS's ARC caches
+  # frequently used files in RAM by default.
+  # Default: off
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
+  sendfile on;
+
+  # Don't send out partial frames; this increases throughput
+  # since TCP frames are filled up before being sent out.
+  # Default: off
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
+  tcp_nopush on;
+
+  # Enable gzip compression.
+  include h5bp/web_performance/compression.conf;
+
+  # Enable brotli compression.
+  include h5bp/web_performance/compression-brotli.conf;
+
+  # Specify file cache expiration.
+  include h5bp/web_performance/cache_expiration.conf;
+
+  # Add X-XSS-Protection for HTML documents.
+  # h5bp/security/x-xss-protection.conf
+  map $sent_http_content_type $x_xss_protection {
+    #         (1)    (2)
+    text/html "1; mode=block";
+  }
+
+  # Add X-Frame-Options for HTML documents.
+  # h5bp/security/x-frame-options.conf
+  map $sent_http_content_type $x_frame_options {
+    text/html DENY;
+  }
+
+  # Add Content-Security-Policy for HTML documents.
+  # h5bp/security/content-security-policy.conf
+  map $sent_http_content_type $content_security_policy {
+    text/html "script-src 'self'; object-src 'self'";
+  }
+
+  # Add Referrer-Policy for HTML documents.
+  # h5bp/security/referrer-policy.conf.conf
+  map $sent_http_content_type $referrer_policy {
+    text/html "no-referrer-when-downgrade";
+  }
+
+  # Add X-UA-Compatible for HTML documents.
+  # h5bp/internet_explorer/x-ua-compatible.conf
+  map $sent_http_content_type $x_ua_compatible {
+    text/html "IE=edge";
+  }
+
+  # Add Access-Control-Allow-Origin.
+  # h5bp/cross-origin/requests.conf
+  map $sent_http_content_type $cors {
+    # Images
+    image/bmp     "*";
+    image/gif     "*";
+    image/jpeg    "*";
+    image/png     "*";
+    image/svg+xml "*";
+    image/webp    "*";
+    image/x-icon  "*";
+
+    # Web fonts
+    font/collection               "*";
+    application/vnd.ms-fontobject "*";
+    font/eot                      "*";
+    font/opentype                 "*";
+    font/otf                      "*";
+    application/x-font-ttf        "*";
+    font/ttf                      "*";
+    application/font-woff         "*";
+    application/x-font-woff       "*";
+    font/woff                     "*";
+    application/font-woff2        "*";
+    font/woff2                    "*";
+  }
+
+  # Include files in the conf.d folder.
+  # server{} configuration files should be placed in the conf.d folder.
+  # The configurations should be disabled by prefixing files with a dot.
+
+    include h5bp/ssl/ocsp_stapling.conf;
+    include h5bp/ssl/policy_modern.conf;
+    include h5bp/ssl/ssl_engine.conf;
+
+    include /etc/nginx/conf.d/staging-biuro.conf;
+}
+
+
+
+# user  nginx;
+# worker_processes  1;
+
+# error_log  /var/log/nginx/error.log warn;
+# pid        /var/run/nginx.pid;
+
+
+# events {
+#     worker_connections  1024;
+# }
+
+
+# http {
+#     include       /etc/nginx/mime.types;
+#     default_type  application/octet-stream;
+
+#     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+#                       '$status $body_bytes_sent "$http_referer" '
+#                       '"$http_user_agent" "$http_x_forwarded_for"';
+
+#     access_log  /var/log/nginx/access.log  main;
+
+#     sendfile        on;
+#     #tcp_nopush     on;
+
+#     keepalive_timeout  65;
+
+#     gzip  on;
+#     brotli on;
+
+#     ################################
+#     # DO WHATEVER YOU WANT HERE :) #
+#     ################################
+
+#     include /etc/nginx/conf.d/*.conf;
+# }

nginx/php.ini

+file_uploads = On
+memory_limit = 64M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600

nginx/redirects/biuro.ee.conf

+# ----------------------------------------------------------------------
+# 301 biuro.ee redirects
+# ----------------------------------------------------------------------
+
+# rewrite ^/toeoepakkumised$ / permanent;
+# rewrite ^/toeoepakkumised/(.*)$ /? permanent;
+
+# Biuro SEO issues
+# https://docs.google.com/spreadsheets/d/1dXP0dh_v2sFajrcwR2_9HONMadCdZQW4Y2dVXvhxG3E/edit?ts=5b5eaa6b#gid=0
+#
+rewrite ^/toeoeandjatele/suvetoo-pank/?$ /toeoeandjatele/ajutine-toeoehoive/ permanent;
+
+# Intertnal ex 302
+rewrite ^/rabotnikam/?$ /rabotnikam/vremennaya-rabota/ permanent;
+rewrite ^/toeoeandjatele/?$ /toeoeandjatele/ajutine-toeoehoive/ permanent;
+rewrite ^/contacts/?$ /contacts/job-seekers/ permanent;
+rewrite ^/toeoeotsijatele/?$ /toeoeotsijatele/ajutine-toeoe/ permanent;
+rewrite ^/o-biuro/?$ /o-biuro/o-nas/ permanent;
+rewrite ^/job-seekers/?$ /job-seekers/temporary-employment-in-estonia/ permanent;
+rewrite ^/home/?$ / permanent;
+rewrite ^/employers/?$ /employers/temporary-employees-in-estonia/ permanent;
+rewrite ^/kontakty/?$ /kontakty/rabotnikam/ permanent;
+rewrite ^/about-biuro/?$ /about-biuro/staffing-agency-in-estonia/ permanent;
+rewrite ^/rabotodatelyam/?$ /rabotodatelyam/vremennoe-trudoustrojstvo/ permanent;
+rewrite ^/kontaktid/?$ /kontaktid/toeoeotsijad/ permanent;
+rewrite (?i)^/Meist/?$ /Meist/meist/ permanent;

nginx/redirects/biuro.lt.conf

+# ----------------------------------------------------------------------
+# 301 biuro.lt redirects
+# ----------------------------------------------------------------------
+
+# rewrite ^/darbo-pasiulymai$ / permanent;
+# rewrite ^/darbo-pasiulymai/(.*)$ /? permanent;
+
+rewrite ^/employers/staf-search-and-selection-in-lithuania/?$ /employers/staff-search-and-selection-in-lithuania/ permanent;
+
+# Biuro SEO issues
+# https://docs.google.com/spreadsheets/d/1dXP0dh_v2sFajrcwR2_9HONMadCdZQW4Y2dVXvhxG3E/edit?ts=5b5eaa6b#gid=0
+#
+rewrite ^/contacts/course-agentures/?$ /contacts/job-seekers/ permanent;
+
+# Intertnal ex 302
+
+# --- Darbuotojams ---
+rewrite ^/darbuotojams/?$ /darbo-pasiulymai/ permanent;
+# rewrite ^/darbo-paieska/uzsidirbtilietuvoje/?$ /darbo-paieska/laikinas-darbas/ permanent;
+# rewrite ^/darbo-paieska/atvesk-drauga-gauk-dovanu/?$ /darbo-paieska/laikinas-darbas/ permanent;
+rewrite ^/darbo-paieska/uzsidirbtilietuvoje/?$ /darbo-pasiulymai/ permanent;
+rewrite ^/darbo-paieska/atvesk-drauga-gauk-dovanu/?$ /darbo-pasiulymai/ permanent;
+
+# rewrite ^/darbo-paieska/vasarosdarbubankas/?$ / permanent;
+rewrite ^/darbo-paieska/vasarosdarbubankas/?$ /darbo-pasiulymai/ permanent;
+
+rewrite ^/darbo-paieska/?$ /darbo-pasiulymai/ permanent;
+rewrite ^/darbo-paieska/laikinas-darbas/?$ /darbo-pasiulymai/ permanent;
+rewrite ^/darbo-paieska/siulo-darba/?$ /darbuotojams/siulo-darba/ permanent;
+rewrite ^/darbo-paieska/papildomas-darbas/?$ /darbuotojams/duk/ permanent;
+rewrite ^/darbo-paieska/klauskite\;/?$ /darbuotojams/kontaktai/ permanent;
+rewrite ^/darbo-paieska/klauskite/?$ /darbuotojams/kontaktai/ permanent;
+rewrite ^/kontaktai/?$ /darbuotojams/kontaktai/ permanent;
+rewrite ^/kontaktai/darbinimo-agenturos/?$ /darbuotojams/kontaktai/ permanent;
+
+# --- Darbdaviams ---
+# rewrite ^/personalo-nuoma/vasarosdarbubankas/?$ / permanent;
+rewrite ^/darbdaviams/?$ /darbdaviams/pardaviminis-puslapis-lt/ permanent;
+rewrite ^/personalo-nuoma/vasarosdarbubankas/?$ /darbdaviams/pardaviminis-puslapis-lt/ permanent;
+
+rewrite ^/personalo-nuoma/?$ /darbdaviams/pardaviminis-puslapis-lt/ permanent;
+rewrite ^/personalo-nuoma/laikinas-idarbinimas/?$ /darbdaviams/pardaviminis-puslapis-lt/ permanent;
+rewrite ^/personalo-nuoma/specialistu-nuoma/?$ /darbdaviams/specialistu-nuoma/ permanent;
+rewrite ^/personalo-nuoma/personalo-paieska-atranka/?$ /darbdaviams/personalo-paieska-ir-atranka/ permanent;
+rewrite ^/kontaktai/personalo-nuomai/?$ /darbdaviams/kontaktai/ permanent;
+rewrite ^/personalo-nuoma/siuskite-uzklausa/?$ /darbdaviams/kontaktai/ permanent;
+
+# --- Apie Mus
+rewrite ^/personalo-nuomos-paslaugos/?$ /apie-mus/ permanent;
+rewrite ^/personalo-nuomos-paslaugos/idarbinimo-agentura/?$ /apie-mus/ permanent;
+rewrite ^/personalo-nuomos-paslaugos/darbuotoju-paieska-ir-atranka/?$ /tarptautinis-tinklas/ permanent;
+rewrite ^/personalo-nuomos-paslaugos/naryste-lietuvoje/?$ /naryste-lietuvoje/ permanent;
+rewrite ^/personalo-nuomos-paslaugos/etikos-kodeksas/?$ /etikos-kodeksas/ permanent;
+rewrite ^/personalo-nuomos-paslaugos/antikorupcines-priemones/?$ /antikorupcines-priemones/ permanent;
+
+
+
+
+
+rewrite ^/employers/?$ /employers/temporary-employees-in-lithuania/ permanent;
+rewrite ^/job-seekers/?$ /job-seekers/temporary-employment-in-lithuania/ permanent;
+rewrite ^/about-biuro/?$ /about-biuro/staffing-agency-in-lithuania/ permanent;
+rewrite ^/home/?$ / permanent;
+rewrite ^/contacts/?$ /contacts/job-seekers/ permanent;
+
+rewrite ^/rabotnikam/?$ /rabotnikam/vremennoe-trudoustrojstvo-v-litve/ permanent;
+rewrite ^/o-biuro/?$ /o-biuro/agenstvo-po-naemu-personala-v-litve/ permanent;
+rewrite ^/kontakty/?$ /kontakty/rabotnikam/ permanent;
+rewrite ^/rabotodatelyam/?$ /rabotodatelyam/vremennye-rabochie-v-litve/ permanent;
+
+rewrite ^/kontaktanagaben/?$ /kontaktanagaben/personalo-nuomai-de-DE/ permanent;
+rewrite ^/fuer-arbeitnehmer/?$ /fuer-arbeitnehmer/befristete-beschaeftigung/ permanent;
+rewrite ^/fuer-arbeitgeber/?$ /fuer-arbeitgeber/befristete-beschaeftigung/ permanent;
+rewrite ^/ueber-biuro/?$ /ueber-biuro/ueber-die-arbeitsvermittlungsagentur/ permanent;
+
+rewrite ^/assets/(.*)CODE-OF-CONDUCT-LT.pdf$ /wp-content/uploads/2018/10/CODE-OF-CONDUCT-LT.pdf permanent;
+rewrite ^/assets/(.*)CODE-OF-CONDUCT-EN.pdf$ /wp-content/uploads/2018/10/CODE-OF-CONDUCT-EN.pdf permanent;
+
+
+
+
+
+
+

nginx/redirects/biuro.lv.conf

+# ----------------------------------------------------------------------
+# 301 biuro.lv redirects
+# ----------------------------------------------------------------------
+
+# rewrite ^/darba-piedavajumi$ / permanent;
+# rewrite ^/darba-piedavajumi/(.*)$ /? permanent;
+
+# Biuro SEO issues
+# https://docs.google.com/spreadsheets/d/1dXP0dh_v2sFajrcwR2_9HONMadCdZQW4Y2dVXvhxG3E/edit?ts=5b5eaa6b#gid=0
+#
+rewrite ^/darba-devejiem/vasaras-darbu-banka/?$ /darba-devejiem/pagaidu-nodarbinatiba/ permanent;
+
+# Intertnal ex 302
+rewrite ^/darba-mekletajiem/?$ /darba-mekletajiem/pagaidu-darbs/ permanent;
+rewrite ^/about-biuro/?$ /about-biuro/staffing-agency-in-latvia/ permanent;
+rewrite ^/contacts/?$ /contacts/job-seekers/ permanent;
+rewrite ^/rabotnikam/?$ /rabotnikam/vremennoe-trudoustrojstvo-v-latvii/ permanent;
+rewrite ^/kontakty/?$ /kontakty/rabotnikam/ permanent;
+rewrite ^/par-biuro/?$ /par-biuro/par-mums/ permanent;
+rewrite ^/employers/?$ /employers/temporary-employees-in-latvia/ permanent;
+rewrite ^/darba-devejiem/?$ /darba-devejiem/pagaidu-nodarbinatiba/ permanent;
+rewrite ^/rabotodatelyam/?$ /rabotodatelyam/vremennye-rabochie-v-latvii/ permanent;
+rewrite ^/o-biuro/?$ /o-biuro/agenstvo-po-naemu-personala-v-latvii/ permanent;
+rewrite ^/home/?$ / permanent;
+rewrite ^/kontakti/?$ /kontakti/darba-mekletajiem/ permanent;
+rewrite ^/job-seekers/?$ /job-seekers/temporary-job-in-latvia/ permanent;

wp-init.sh

+sleep 60;
+
+echo "WP CLI init"
+
+# !/usr/bin/env sh
+
+# Install WordPress.
+# wp core install \
+#     --path="/var/www/html"\
+#     --title="Biuro" \
+#     --admin_user="biuro" \
+#     --admin_password="laikinas2587" \
+#     --admin_email="info@biuro.eu" \
+#     --url="https://dev.biuro.lt" \
+#     --skip-email
+
+# https://www.exove.com/blog/developing-with-wordpress-part-4-wp-cli-basics/
+
+# https://developer.wordpress.org/cli/commands/
+
+# WP update
+wp core update --force
+wp core update-db --network
+
+# Update permalink structure.
+wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins
+wp option update timezone_string "Manual Offsets/UTC+2"
+wp option update date_format "Y-m-d"
+wp option update time_format "H:i"
+
+# Install plugins
+wp plugin install permalink-manager --force --activate-network
+wp plugin install pods --activate-network
+wp plugin install polylang --activate-network
+wp plugin install wordpress-seo --activate-network
+# wp plugin install wordpress-seo --activate
+
+# Update all plugins
+wp plugin update --all
+
+# Activate plugin.
+wp plugin activate akismet --network
+wp plugin activate cookies-warning --network
+wp plugin activate data-controller --network
+# wp plugin activate jobs-importer
+
+# WP themes
+wp theme update --all
+wp theme activate biuro
+
+# Update translations
+wp language core update
+wp language theme update --all
+wp language plugin update --all
+
+echo "WP CLI done. Ready to use."