release 0.0.32

.env

+PROJECT=biuro-www
+
+IMAGE_NGINX=fholzer/nginx-brotli
+IMAGE_MYSQL=mariadb:10.3
+IMAGE_WORDPRESS=biuro/web:0.0.32
+IMAGE_WORDPRESS_CLI=wordpress:cli-php7.3
+
+DB_NAME=www_biuro
+DB_HOST=mysql
+DB_USERNAME=www_user
+DB_PASSWORD=qzl8pMNV^gZ&c1!7ebVsXqQh
+DB_ROOT_PASSWORD=#w1ML4QfWaR*8dBYRL7aZJI$
+
+UID=33
+GID=33
+
+NGINX_NAME_LT=www.biuro.lt
+NGINX_NAME_LV=www.biuro.lv
+NGINX_NAME_EE=www.biuro.ee

.gitignore

+.idea/
+var/
+wordpress/
+logs/nginx/*.log

certs-data/.well-known/acme-challenge/2AiWWL5aYh3aGhWzb4sdAJ7iu-q5i1X4iq5bwr8yn5M

+2AiWWL5aYh3aGhWzb4sdAJ7iu-q5i1X4iq5bwr8yn5M.dYDoUpEDzIwi1VYdflaPyiwOtjumQGGCMJYiFPPpD5Q
\ No newline at end of file

certs-data/.well-known/acme-challenge/3h-6VKVjTJ31UzPy1Qd7nHA7BWGF1b8QjT79-EKRM00

+3h-6VKVjTJ31UzPy1Qd7nHA7BWGF1b8QjT79-EKRM00.dYDoUpEDzIwi1VYdflaPyiwOtjumQGGCMJYiFPPpD5Q
\ No newline at end of file

certs-data/.well-known/acme-challenge/TZoVs4ZhXdX9Li3CNzsjVGnprLrfYPmRF7WuNqf3CF0

+TZoVs4ZhXdX9Li3CNzsjVGnprLrfYPmRF7WuNqf3CF0.dYDoUpEDzIwi1VYdflaPyiwOtjumQGGCMJYiFPPpD5Q
\ No newline at end of file

certs/biuro.ee/ca_bundle.crt

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
\ No newline at end of file

certs/biuro.ee/certificate.crt

+-----BEGIN CERTIFICATE-----
+MIIFVzCCBD+gAwIBAgISA+MN7ZuoXBPJgr9mfvc5dQHEMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMTMwNjU3MjNaFw0x
+OTA2MTEwNjU3MjNaMBsxGTAXBgNVBAMTEHN0YWdpbmcuYml1cm8uZWUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK5/u7YJbv80MKRPkifNA9jZTdW+nQ
+ayoo21XwSHUJBwhYWs++vIt3jRB0UVnGW30p1uIo6nwNLIZFr4lJSexWmdIC/aki
+bUn9lZmQG33efRB7pNf+f1Vbf8Kkr9fkiEvZ6wa2hkwow9qzI+NzBpp0wW4ME0Wp
+QXbs93Ix2tBr21JuKInBRtIeJq0pBteLi//0l0MejK2LZze4aIQK2DV4rUpUR3ZV
+XE2GKOVNj0Og3EFtUOQ/4OIVlpV+WCPT1Y0vZiWHwLXzSCMiF9v2jQgWBdVo5IBl
+DDsTML15vsLkzDs6w5+K1gM84k3YEGvJXhUL0Xrju2ik/QLEeVm7+WSnAgMBAAGj
+ggJkMIICYDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIt/Wop/WjaK2MC5d0PD4JK/
+SsRBMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
+BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZy8wGwYDVR0RBBQwEoIQc3RhZ2luZy5iaXVyby5lZTBMBgNVHSAERTBDMAgG
+BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
+LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AHR+2oMx
+rTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABaXYOUVsAAAQDAEYwRAIgJPDo
+McFeiCtoDRZS0q6wdy73blqiHv3tADoSrOuaWGwCIH4f1E72UB6NITp3gkzJ9tB+
+TD/BWVtrE6CLyEzMIfDKAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH
+9HgAAAFpdg5RggAABAMARzBFAiEA/qbf7/kjjGMw6QdYhSL0jPnwlACvVsv3+hdA
+EuodMrcCIEJpjUt3jSti5Lye87z6NQ3pE9YHCH4fu0Lpi6g25rQtMA0GCSqGSIb3
+DQEBCwUAA4IBAQBRgGs2rMD34ReVs5RTIF+GztH91MD9y9CJtFRJkdwMQH0y7JLE
+R3JzGooXvXi5DR0zmlg3YcRAOky3yvjbrf6oXF5Vxm1SsvqLKHmXVx5qX9+UVdqU
++70UYiqeFgeJ0i1Z661wTz038nwXpQ12I73L27oeWPh/Ez3o3g5q5neuHCCuG9x2
+N8+5tlcvNI0lFAQGwMxlBaElT1jz6N+satOV73jihtGrFTVcr/fKTVr56GGnxjqb
+rRzISsjdQfBD/36luCEsSQPoVFwriJXw/OSLUA4176utnGvZlpWlrmu7pekbM5wY
+AYUEbyOfsQDQUC/ImHOxv1x2S1qAZ3ZIb5fQ
+-----END CERTIFICATE-----

certs/biuro.ee/fullchain.pem

+-----BEGIN CERTIFICATE-----
+MIIFVzCCBD+gAwIBAgISA+MN7ZuoXBPJgr9mfvc5dQHEMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMTMwNjU3MjNaFw0x
+OTA2MTEwNjU3MjNaMBsxGTAXBgNVBAMTEHN0YWdpbmcuYml1cm8uZWUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK5/u7YJbv80MKRPkifNA9jZTdW+nQ
+ayoo21XwSHUJBwhYWs++vIt3jRB0UVnGW30p1uIo6nwNLIZFr4lJSexWmdIC/aki
+bUn9lZmQG33efRB7pNf+f1Vbf8Kkr9fkiEvZ6wa2hkwow9qzI+NzBpp0wW4ME0Wp
+QXbs93Ix2tBr21JuKInBRtIeJq0pBteLi//0l0MejK2LZze4aIQK2DV4rUpUR3ZV
+XE2GKOVNj0Og3EFtUOQ/4OIVlpV+WCPT1Y0vZiWHwLXzSCMiF9v2jQgWBdVo5IBl
+DDsTML15vsLkzDs6w5+K1gM84k3YEGvJXhUL0Xrju2ik/QLEeVm7+WSnAgMBAAGj
+ggJkMIICYDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIt/Wop/WjaK2MC5d0PD4JK/
+SsRBMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
+BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZy8wGwYDVR0RBBQwEoIQc3RhZ2luZy5iaXVyby5lZTBMBgNVHSAERTBDMAgG
+BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
+LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AHR+2oMx
+rTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABaXYOUVsAAAQDAEYwRAIgJPDo
+McFeiCtoDRZS0q6wdy73blqiHv3tADoSrOuaWGwCIH4f1E72UB6NITp3gkzJ9tB+
+TD/BWVtrE6CLyEzMIfDKAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH
+9HgAAAFpdg5RggAABAMARzBFAiEA/qbf7/kjjGMw6QdYhSL0jPnwlACvVsv3+hdA
+EuodMrcCIEJpjUt3jSti5Lye87z6NQ3pE9YHCH4fu0Lpi6g25rQtMA0GCSqGSIb3
+DQEBCwUAA4IBAQBRgGs2rMD34ReVs5RTIF+GztH91MD9y9CJtFRJkdwMQH0y7JLE
+R3JzGooXvXi5DR0zmlg3YcRAOky3yvjbrf6oXF5Vxm1SsvqLKHmXVx5qX9+UVdqU
++70UYiqeFgeJ0i1Z661wTz038nwXpQ12I73L27oeWPh/Ez3o3g5q5neuHCCuG9x2
+N8+5tlcvNI0lFAQGwMxlBaElT1jz6N+satOV73jihtGrFTVcr/fKTVr56GGnxjqb
+rRzISsjdQfBD/36luCEsSQPoVFwriJXw/OSLUA4176utnGvZlpWlrmu7pekbM5wY
+AYUEbyOfsQDQUC/ImHOxv1x2S1qAZ3ZIb5fQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

certs/biuro.ee/private.key

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDK5/u7YJbv80MK
+RPkifNA9jZTdW+nQayoo21XwSHUJBwhYWs++vIt3jRB0UVnGW30p1uIo6nwNLIZF
+r4lJSexWmdIC/akibUn9lZmQG33efRB7pNf+f1Vbf8Kkr9fkiEvZ6wa2hkwow9qz
+I+NzBpp0wW4ME0WpQXbs93Ix2tBr21JuKInBRtIeJq0pBteLi//0l0MejK2LZze4
+aIQK2DV4rUpUR3ZVXE2GKOVNj0Og3EFtUOQ/4OIVlpV+WCPT1Y0vZiWHwLXzSCMi
+F9v2jQgWBdVo5IBlDDsTML15vsLkzDs6w5+K1gM84k3YEGvJXhUL0Xrju2ik/QLE
+eVm7+WSnAgMBAAECggEAAlmOGtgGi6zKxTOLVsKDVROT3DcLJxNplkpVCSn/wghm
+of+G0DnNceQ609e1ckQhw6fiSU46uPjcbR2zOYCcNp/MhMCcmgMtAFGS6qyPrHn5
+M6hRWdadg68mv/6b94kgBXA7zQLCJYH5dx/L/IFTJqZrjmTSo0HRzVEcZuTuR8YZ
+B80gClhvg7vKmaz+ghetcm+vCGkFaBv0x2EWz3tIl7VNNrK62QN87Ts2FFI2zXA+
+5Dwef4XlzWlDgH/JgMgQj8vfPEr5yQX5v5FssCvU2ASJ5814kQpbhGqeAOQU6yr8
+1BAfb/F6j13Ly7GeuUZP30V6dyUrH7RMMN4FalprsQKBgQD3lwojqfLyCjxnUuAq
+H4GEKU4UEIlH/x2U12IAJHd60eGogP7P77dQ3fJ2BADifgvQPt3gGGwzm8gg6gAS
+WLbFOHOMX49e9+hWainzBZXGqEMr1+/PobokWB1oA6DHOmVG38ZRGzfZiMu10oXh
+X+aB56by2AGi6SvvitLokXTq1wKBgQDRzGNbyW3JtLGpsAyJdjQpeQw0mzCKeT/9
+chcYHk1Rf1KqkYnmz0z471qJQddjqJ3KF7Ii9cQjdVHF+Y0aZ7Gjaip/wDUKnGhx
+OZ/EBzP/5JvRtHVHzmo7AR33y+Lg0czLArI0TwRc6x3F9/HO5G04TNofGH9xzqbn
+ZFOg/4pqsQKBgDPdxzj7ZDKCJG88tEr+uKIYCQw4/pk/f1Hr4NLI0OLAzvX+t+KV
+hCCDrkQ8yHaqEw137gEA/MG+86i5fHRbc0ZTchlI937cjiZ0LP+E/wBTxWaM4Obt
+KVJtxxNAF1FFEWxMen4JJqUCfDJFvNgev+ocviOHTqhzEkonGdGwjv6XAoGAERnV
+539twYlHCgvdmb7W1aKWSht0Q3VKsAACveaKauAz/s9KLFQtdAUenh2NzwPJiNWR
+oaPizvkbJ0YGKGbXZfibajpimHDTWpdV3IaxyGP8B4XsIWRD6HdY1//4iFbRmKKp
+n/Xo5yILFT32qeSYuoQZK3u1t7Mei7Hz1yW9RKECgYBEODrcPfSbO4VueWivPoOA
+XYrT64bO649kYibJlSeeYU3aIp4cPhWBLv3L5FzK2zl7ZL1bcg9AjKN3+ybn3Dvm
+0891TNtVVuwhUbjQUWZOrnQdrv934RqcuI/017d+zqvmME2mnnp5t14U9Dao5lKO
+s1n/KJql+E0aOxgdBFHXtg==
+-----END PRIVATE KEY-----
\ No newline at end of file

certs/biuro.lt/ca_bundle.crt

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
\ No newline at end of file

certs/biuro.lt/certificate.crt

+-----BEGIN CERTIFICATE-----
+MIIFWDCCBECgAwIBAgISA+rO9x7KpLJB7k4goLQcIudMMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA0MjkxMTIxNTlaFw0x
+OTA3MjgxMTIxNTlaMBMxETAPBgNVBAMTCGJpdXJvLmx0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA2vDWPs0vXgbx/9jmGtUfdNwv7OKLIlCuhlQBF8Qm
+y5BMPoMZnQVq+8bmWyigsz3KAkweEFvAC+I7SA9HAqrk0OmuycFNSauWKB91Agmr
+9Ik39CKi29iBAYEBIXR85/5+VOcOhDnjjmsURIztek5T9s77X1+5eE6BvSr5Bkj4
+FYmpku/Gl/gvzmmzgiGfK2LW+LdlFzuz88l3LNKeVuAbkDFQ+afuSoLIzALMFIVx
+qkxyj/N0P5pqH1Q9sXj+JSsCx8Fml4+A0E1FV3fA+FB+QjJSvOByJhuDamJBUTn0
+47/OmABK2Sob+Q0Dfkb7bk3mmOOYQW5lr+kbWwem0QrIMwIDAQABo4ICbTCCAmkw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQojxmOgm3Dxq6ArNuQHn0aVzPvRzAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCEG
+A1UdEQQaMBiCCGJpdXJvLmx0ggx3d3cuYml1cm8ubHQwTAYDVR0gBEUwQzAIBgZn
+gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
+ZXRzZW5jcnlwdC5vcmcwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwDiaUuuJujp
+QAnohhu2O4PUPuf+dIj7pI8okwGd3fHb/gAAAWppC3MhAAAEAwBIMEYCIQCg2Khp
+2kTnDCS8V8QhDoctKMY1w0NXX7DErtPpTOE4NwIhAJNheJtTli/jLET75DoRoOFZ
+fM2dY+QHXlEcZxRZZ1nUAHcAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH
+9HgAAAFqaQtzQgAABAMASDBGAiEA4TFX0dX/WLfDrEGdMPOIA6AY3Efyfo/MclpV
+WBdWwe0CIQDik6KTjQZoVUu04u1D4hHci/399PlpwGEnS19+CNEmPjANBgkqhkiG
+9w0BAQsFAAOCAQEARnxfE9itAEJuQGM6goeH0YlrSSyIuItk73fgn3ysSHEx1fmp
+02UDJ3Xbqtdgb7fPnKYOxSSth15F++uTBrHGvKtzIJzpTYQuShgcuOunu0yOJ956
+pRqOxi2NJ0lWoU79DeVV4fo4k2ELZRz5QixVi1fwXAfiW5c+W4qaJVgtHmb7aBkq
+wEdcnzHNtlXSqHNYgIFUOAwIbjOH2aJcOpUPO0ORHB+E/4amKSMV+NXXJwfrwcTY
+NFRhBnN06bUGcJArc7F18lJ05W+d/lKzV5DDzfm6+ngNzqRVrd3k7H/XDE/fM+RY
+slSG5y44gKrUabQ1YW4jZGunN2okr6xjSgL1Ng==
+-----END CERTIFICATE-----
\ No newline at end of file

certs/biuro.lt/fullchain.pem

+-----BEGIN CERTIFICATE-----
+MIIFWDCCBECgAwIBAgISA+rO9x7KpLJB7k4goLQcIudMMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA0MjkxMTIxNTlaFw0x
+OTA3MjgxMTIxNTlaMBMxETAPBgNVBAMTCGJpdXJvLmx0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA2vDWPs0vXgbx/9jmGtUfdNwv7OKLIlCuhlQBF8Qm
+y5BMPoMZnQVq+8bmWyigsz3KAkweEFvAC+I7SA9HAqrk0OmuycFNSauWKB91Agmr
+9Ik39CKi29iBAYEBIXR85/5+VOcOhDnjjmsURIztek5T9s77X1+5eE6BvSr5Bkj4
+FYmpku/Gl/gvzmmzgiGfK2LW+LdlFzuz88l3LNKeVuAbkDFQ+afuSoLIzALMFIVx
+qkxyj/N0P5pqH1Q9sXj+JSsCx8Fml4+A0E1FV3fA+FB+QjJSvOByJhuDamJBUTn0
+47/OmABK2Sob+Q0Dfkb7bk3mmOOYQW5lr+kbWwem0QrIMwIDAQABo4ICbTCCAmkw
+DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM
+BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQojxmOgm3Dxq6ArNuQHn0aVzPvRzAfBgNV
+HSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYI
+KwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYI
+KwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCEG
+A1UdEQQaMBiCCGJpdXJvLmx0ggx3d3cuYml1cm8ubHQwTAYDVR0gBEUwQzAIBgZn
+gQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5s
+ZXRzZW5jcnlwdC5vcmcwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwDiaUuuJujp
+QAnohhu2O4PUPuf+dIj7pI8okwGd3fHb/gAAAWppC3MhAAAEAwBIMEYCIQCg2Khp
+2kTnDCS8V8QhDoctKMY1w0NXX7DErtPpTOE4NwIhAJNheJtTli/jLET75DoRoOFZ
+fM2dY+QHXlEcZxRZZ1nUAHcAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH
+9HgAAAFqaQtzQgAABAMASDBGAiEA4TFX0dX/WLfDrEGdMPOIA6AY3Efyfo/MclpV
+WBdWwe0CIQDik6KTjQZoVUu04u1D4hHci/399PlpwGEnS19+CNEmPjANBgkqhkiG
+9w0BAQsFAAOCAQEARnxfE9itAEJuQGM6goeH0YlrSSyIuItk73fgn3ysSHEx1fmp
+02UDJ3Xbqtdgb7fPnKYOxSSth15F++uTBrHGvKtzIJzpTYQuShgcuOunu0yOJ956
+pRqOxi2NJ0lWoU79DeVV4fo4k2ELZRz5QixVi1fwXAfiW5c+W4qaJVgtHmb7aBkq
+wEdcnzHNtlXSqHNYgIFUOAwIbjOH2aJcOpUPO0ORHB+E/4amKSMV+NXXJwfrwcTY
+NFRhBnN06bUGcJArc7F18lJ05W+d/lKzV5DDzfm6+ngNzqRVrd3k7H/XDE/fM+RY
+slSG5y44gKrUabQ1YW4jZGunN2okr6xjSgL1Ng==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

certs/biuro.lt/private.key

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDa8NY+zS9eBvH/
+2OYa1R903C/s4osiUK6GVAEXxCbLkEw+gxmdBWr7xuZbKKCzPcoCTB4QW8AL4jtI
+D0cCquTQ6a7JwU1Jq5YoH3UCCav0iTf0IqLb2IEBgQEhdHzn/n5U5w6EOeOOaxRE
+jO16TlP2zvtfX7l4ToG9KvkGSPgViamS78aX+C/OabOCIZ8rYtb4t2UXO7PzyXcs
+0p5W4BuQMVD5p+5KgsjMAswUhXGqTHKP83Q/mmofVD2xeP4lKwLHwWaXj4DQTUVX
+d8D4UH5CMlK84HImG4NqYkFROfTjv86YAErZKhv5DQN+RvtuTeaY45hBbmWv6Rtb
+B6bRCsgzAgMBAAECggEAQTscOh3cDQG4vGedN0VkV+b6iHN+zLyJIxCIOtKAVIor
+jTx2NyhUFavPGj3ik0THmSOgmXMcpu3Ch9e1aoAMKIpXP1lOc7KhzFaDABZtmy/+
+8cgYCbRZy17qPVN9m4lhjl5BHvg4akhRA5ORda08qv5EOshEdCm/0eKpy0uWTqPm
+Abu0wM2by/yf/S4md8FJLQ/p4DF+sjgo4HOy3W0GliTNP816KkOQgkfzJCeTBBJt
+aLPIfz3Pdsspu9eimTZyjpTTOhjJSbaMgK/mqyKmlLvrL7mBOIH7ESBL27Tpnd4+
+h/Y06a2xNzqh1HNcOU/Mu6kgqh1Ulupce6r2rJh1YQKBgQD7qdy5GNe6BpygiR7m
+rFPx9R/xBEt8p18fguSWofvpFzd6N+6AWXBVH/+5lubguSyD4vdfywaqkztgmpM6
+3Y/hk+Jn7oJ3BxSjSJwDqaHK73eNqKmFSi0d/cF3lEXq4UxuUh0UeLKxTmuTTd03
+vAFn+NtDf2z5qHJYTDQD/em/OwKBgQDetqDMq6VlG+NB/YTWDJQdEigNamUm6fFQ
+6rcoVmq9P1KvY/Jouh2PQkf2qxqu5DRxve8wf7ecI+/zhZYmEi3eMX42wx1okewd
+s8J/JiBz7YIbOJnR9KskzNfJqM4bBF3ehs1bxSYeUuVJFCgztKiOu2+Ph7BqKgmc
+JRiRVz57aQKBgGpcZe7Msw/qD3RBv4+aMXhHMxK3z/eE/UziEx4eo8rlhwrebKxO
+II25kmirgDRlzoyG9inEMrMQur2fVq5ASbj6uWtXgEgx8+T2oQljPf/4qTxzlgHB
+UcQlJQkW313fjl/p0GSAhnUtQYXmGKKfkLCSmoiyaCozqO/sdOdi/tFVAoGAKi30
+bk7j2C5b8BePnOps8sSJiWDpH2GXLngFkEItnQHtKwKG2obFKminMHRfbVgTBqeu
+MUU/BPdZbomSUkuHHFnLSZvSageY7FcrMuGJq+sDhRxHJZhtAV86TxsFTeCZ1pc5
+NXQ1L/ELM7f5lTFV6xJcopZUNwcXItdzu7MGRmECgYEA9ooyDPVNqzIcSPz0yKHe
+m7TUP90ndcdJumho8lC+WZqHY+XnZI89RJ7Zj7A6FFc91oeki2UmEIV9tmwu3pIW
+XR7+riyWctq6udsACyySsowZ9qGlCwPvk1PY+xo6qz/jSIKh0B9W2Fzmaw+fOoZQ
+P4oXf2ZBSsAQzIp86mTBfv8=
+-----END PRIVATE KEY-----
\ No newline at end of file

certs/biuro.lv/ca_bundle.crt

+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
\ No newline at end of file

certs/biuro.lv/certificate.crt

+-----BEGIN CERTIFICATE-----
+MIIFVzCCBD+gAwIBAgISAxCZdkZuJE6gHHODfS3J1g7OMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMTMwNjU1NTBaFw0x
+OTA2MTEwNjU1NTBaMBsxGTAXBgNVBAMTEHN0YWdpbmcuYml1cm8ubHYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT1dqmHYMVgbxKmm2xIAw3sD1OtvQf
+jjpJpogOuVaC/vF4L0a3UuOOBtBJ9xWIdyCkIWOvLJWgAWhb+Wc/0Y7uAA6QuXCH
+YsHLbzL9H7YOGODCmo8PXE2WEUveeq9ahrvqaaDuwCM6I2b6Jev8cTV6a761SY76
+iZZ1cPtvAmLn6t3BHWbN6rzRpQ77biTMJ2mMC7FQ4xFDRDvWuns7+cstJMeAVKNa
+y0vEnM1AO4GHvXwcbr3HEQzyqWwxxX2bMFQ6gltwIZkz3cORMPaaEAON+n+RHKJ/
+s5XGz6PrgcFqIrAD5+gIDy5KhtrXxIKaP4fNJB5MI0wHDdiGhrJETgT3AgMBAAGj
+ggJkMIICYDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKR4EkwrlTlrlXGnv/Tvt6NR
+cYGSMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
+BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZy8wGwYDVR0RBBQwEoIQc3RhZ2luZy5iaXVyby5sdjBMBgNVHSAERTBDMAgG
+BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
+LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AGPy283o
+O8wszwtyhCdXazOkjWF3j711pjixx2hUS9iNAAABaXYM568AAAQDAEYwRAIgMihO
+XUizvNeVBDlloYCjjNxvHdd2G4sFNXHHBBsDqb0CIBABKaqPILhnFWrGzSea3wzm
+b4amqFPyTXSWVFHK48dPAHYA4mlLribo6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x
+2/4AAAFpdgzpUAAABAMARzBFAiBKnGqlEO4MfKw2SdIyoxLGlYHK9USID01Ng2tY
+VTo0VQIhAKDDCbmlX3nhRYM9M0iXHoiIrw5eEDAaDtKCPnV78qCDMA0GCSqGSIb3
+DQEBCwUAA4IBAQCFVOj0NbgpAEHPRwiartJ4mOOZk5GvX9Cy29YV2U9n/pKUHnD/
+OQ7dvhwHLccRVbTkmwwpCeoubGmIBPGh0nkEHLstoA2+tTfTDwDtGVfVubn2lOYD
+J00S9S+Y770ynrVyF15Gga4tCh11O1qSMo9EQ0Q5bSU+26Htm23WrtueHnxrKVk/
+JgeBg7ObByfgAnLel+joggiZ6VNI9JawT6TLL8040angXcP9CcIaNgULF5+YUNv9
+VErnMxBDzaTiXoq8lkk+SWAax6QkB+3Gyhj/sGA6BiykNSd7D57zPzjK3ImSTSFC
+KitSqnKgLU71bJAcEscfhV/bEeR+4p/FJuu9
+-----END CERTIFICATE-----

certs/biuro.lv/fullchain.pem

+-----BEGIN CERTIFICATE-----
+MIIFVzCCBD+gAwIBAgISAxCZdkZuJE6gHHODfS3J1g7OMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTAzMTMwNjU1NTBaFw0x
+OTA2MTEwNjU1NTBaMBsxGTAXBgNVBAMTEHN0YWdpbmcuYml1cm8ubHYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT1dqmHYMVgbxKmm2xIAw3sD1OtvQf
+jjpJpogOuVaC/vF4L0a3UuOOBtBJ9xWIdyCkIWOvLJWgAWhb+Wc/0Y7uAA6QuXCH
+YsHLbzL9H7YOGODCmo8PXE2WEUveeq9ahrvqaaDuwCM6I2b6Jev8cTV6a761SY76
+iZZ1cPtvAmLn6t3BHWbN6rzRpQ77biTMJ2mMC7FQ4xFDRDvWuns7+cstJMeAVKNa
+y0vEnM1AO4GHvXwcbr3HEQzyqWwxxX2bMFQ6gltwIZkz3cORMPaaEAON+n+RHKJ/
+s5XGz6PrgcFqIrAD5+gIDy5KhtrXxIKaP4fNJB5MI0wHDdiGhrJETgT3AgMBAAGj
+ggJkMIICYDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKR4EkwrlTlrlXGnv/Tvt6NR
+cYGSMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB
+BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
+Lm9yZy8wGwYDVR0RBBQwEoIQc3RhZ2luZy5iaXVyby5sdjBMBgNVHSAERTBDMAgG
+BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
+LmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AGPy283o
+O8wszwtyhCdXazOkjWF3j711pjixx2hUS9iNAAABaXYM568AAAQDAEYwRAIgMihO
+XUizvNeVBDlloYCjjNxvHdd2G4sFNXHHBBsDqb0CIBABKaqPILhnFWrGzSea3wzm
+b4amqFPyTXSWVFHK48dPAHYA4mlLribo6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x
+2/4AAAFpdgzpUAAABAMARzBFAiBKnGqlEO4MfKw2SdIyoxLGlYHK9USID01Ng2tY
+VTo0VQIhAKDDCbmlX3nhRYM9M0iXHoiIrw5eEDAaDtKCPnV78qCDMA0GCSqGSIb3
+DQEBCwUAA4IBAQCFVOj0NbgpAEHPRwiartJ4mOOZk5GvX9Cy29YV2U9n/pKUHnD/
+OQ7dvhwHLccRVbTkmwwpCeoubGmIBPGh0nkEHLstoA2+tTfTDwDtGVfVubn2lOYD
+J00S9S+Y770ynrVyF15Gga4tCh11O1qSMo9EQ0Q5bSU+26Htm23WrtueHnxrKVk/
+JgeBg7ObByfgAnLel+joggiZ6VNI9JawT6TLL8040angXcP9CcIaNgULF5+YUNv9
+VErnMxBDzaTiXoq8lkk+SWAax6QkB+3Gyhj/sGA6BiykNSd7D57zPzjK3ImSTSFC
+KitSqnKgLU71bJAcEscfhV/bEeR+4p/FJuu9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

certs/biuro.lv/private.key

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDT1dqmHYMVgbxK
+mm2xIAw3sD1OtvQfjjpJpogOuVaC/vF4L0a3UuOOBtBJ9xWIdyCkIWOvLJWgAWhb
++Wc/0Y7uAA6QuXCHYsHLbzL9H7YOGODCmo8PXE2WEUveeq9ahrvqaaDuwCM6I2b6
+Jev8cTV6a761SY76iZZ1cPtvAmLn6t3BHWbN6rzRpQ77biTMJ2mMC7FQ4xFDRDvW
+uns7+cstJMeAVKNay0vEnM1AO4GHvXwcbr3HEQzyqWwxxX2bMFQ6gltwIZkz3cOR
+MPaaEAON+n+RHKJ/s5XGz6PrgcFqIrAD5+gIDy5KhtrXxIKaP4fNJB5MI0wHDdiG
+hrJETgT3AgMBAAECggEAB1OlraGJf63XDS+yjKZVejVtvcavQoSCdcZmCNriBSBq
+bOzUOSNc+a441PYV6XxoOeIkTiOqoSx8vqSKlXza723eh3YxCl24QAjbqJ33Qddi
+ExkGhPVOsawQkVjOxgaZ33ZBooYtSQLEdH0Avck2ENoUcCnYD/cGStWUpXEAmO6l
+9NJZ1q3jW5RpYqfSV7n25PeJcJ7JjuNH3UNvRpaaoAknfuvZEFoG2CcXt1oJt9+H
+aaeej9jdhL/hwu4C0Uc3JOL9lbzRT7UuDZ4jExRZkchNdl48Y7apQOtnbLHIy19o
+GfYi3YZvUOw8NxC/pthN+GR0g6yS11THp58RkXrvcQKBgQD9XUx64zD+7MPPMHAZ
+LJj36epVcdAr2zXiEMjQsx2SH92ezgh7g7uG6GV4oNrTT365lTVjOpIqJZNi3zId
+MwGZ0qwlAaIn+WatqRc+ajZxNWn5D2H7oOjmWw5MMquHnv8JfGD6QLTNUq5o8RAp
+JoZhDXvH6z6AZdk3cm5/qFrZQwKBgQDWCfb6oFHlZn9Qsf02xo6pR0zDaFxD5ojA
+lpGRFxK/dUnCFBgKni6O9UunWIV1rbQnCF7N3hoILQHqsk+0L0dNDKZQjRGhTR3J
+7BAIAn5DzuWp1P0D1ZjSVdplh8ms695dqcrYQYyNMHKHQOz2oC9Llyg5iKs4jc1v
+pf2S/xLAPQKBgQC75eRhQnpEpJx23IpV8SAkw6JY6cYjsDeexynWtO9aPi2ip1Pd
+Hg4F9/XA5zJCAjOOOFzWkUpy3VkXu0U0KG6ogHfQHgz/LlP6uGsXi7eCb8V+wuy8
+q1Ht/Ft3ISDavIyRoV9eWHx9xTK5ewWsLvj7ov9IfWrl2CKmn0PZgqaVdwKBgFe0
+AZW0t5oOI8EHDcCyH6bRZmzziEryXbq8d61CDRaSksSJw0gmhOFjNbq+lQEhSh5s
+WZx1k6kh+BUZN3uXm9nAgy2igETd+oTQy8jcbKyQTJ8IfRxjG5mkQDc2KrdGdvle
+J5XxVgxMe8FcIzzzai3JJFxe2fn0cOd81qizCBXpAoGAA0YZ4a1ANhQ0RPPyBIvq
+lilNfGUpuCtILWV1ibMaTkCnWqTu99vXMovdR6w1f936KYQQLXsUgOVBP27Hmv5V
+BaU7NWyPz5FCIBXjSb7MKCSeStAiAhEoBLMko5IeM08Q1k30qEj1ak+6MGINQWuR
+EmoKaesU3ESIMnx6yfn8aPk=
+-----END PRIVATE KEY-----
\ No newline at end of file

docker-compose.yml

+version: '3.6'
+
+services:
+    mysql:
+        image: ${IMAGE_MYSQL}
+        container_name: "${PROJECT}-mysql"
+        networks:
+            - "back"
+        volumes:
+            - ./docker/mariadb:/docker-entrypoint-initdb.d/
+            - ./var/mariadb:/var/lib/mysql
+        environment:
+            - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+            - MYSQL_DATABASE=${DB_NAME}
+            - MYSQL_USER=${DB_USERNAME}
+            - MYSQL_PASSWORD=${DB_PASSWORD}
+        command: mysqld --character-set-server=utf8 --collation-server=utf8_general_ci --innodb-flush-method=fsync
+        restart: always
+
+    wordpress:
+        image: ${IMAGE_WORDPRESS}
+        container_name: "${PROJECT}-wordpress"
+        networks:
+            - "front"
+            - "back"
+        volumes:
+            - ./nginx/.htpasswd:/etc/nginx/.htpasswd
+            - ./nginx/php.ini:/usr/local/etc/php/conf.d/php.ini
+            - ./wordpress:/var/www/html
+        environment:
+            - WORDPRESS_DB_NAME=${DB_NAME}
+            - WORDPRESS_DB_HOST=${DB_HOST}
+            - WORDPRESS_DB_USER=${DB_USERNAME}
+            - WORDPRESS_DB_PASSWORD=${DB_PASSWORD}
+            - WORDPRESS_CONFIG_EXTRA=
+                /* Multisite */
+                define( 'WP_ALLOW_MULTISITE', true );
+                define('MULTISITE', true);
+                define('SUBDOMAIN_INSTALL', true);
+                define('DOMAIN_CURRENT_SITE', '${NGINX_NAME_LT}');
+                define('PATH_CURRENT_SITE', '/');
+                define('SITE_ID_CURRENT_SITE', 1);
+                define('BLOG_ID_CURRENT_SITE', 1);
+                define( 'COOKIE_DOMAIN', '' );
+                define( 'ADMIN_COOKIE_PATH', '/' );
+                define( 'COOKIEPATH', '/' );
+                define( 'SITECOOKIEPATH', '/' );
+                define( 'NOBLOGREDIRECT', '' );
+                define( 'WP_HOME', 'https://${NGINX_NAME_LT}' );
+                define( 'WP_SITEURL', 'https://${NGINX_NAME_LT}' );
+                define( 'DISALLOW_FILE_EDIT', false );
+        links:
+            - mysql
+        restart: always
+
+    nginx:
+        image: ${IMAGE_NGINX}
+        container_name: "${PROJECT}-nginx"
+        networks:
+            - front
+        ports:
+            - '80:80'
+            - '443:443'
+        volumes:
+            - ./nginx/.htpasswd:/etc/nginx/.htpasswd
+            - ./nginx/conf.d:/etc/nginx/conf.d
+            - ./nginx/h5bp:/etc/nginx/h5bp
+            - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+            - ./nginx/redirects:/etc/nginx/redirects
+            - ./nginx/cache:/var/cache/nginx
+
+            - ./logs/nginx:/var/log/nginx
+            - ./certs:/etc/letsencrypt
+            - ./certs-data:/data/letsencrypt
+
+            - ./wordpress:/var/www/html
+        links:
+            - wordpress
+        restart: always
+
+    wordpress-cli:
+        image: ${IMAGE_WORDPRESS_CLI}
+        user: "${UID}:${GID}"
+        container_name: "${PROJECT}-wordpress-cli"
+        links:
+            - wordpress
+            - mysql
+        networks:
+            - "back"
+        volumes:
+            - './var/wp-cli/cache:/etc/X11/fs/.wp-cli/cache'
+
+            - ./wordpress:/var/www/html
+
+            - './wp-init.sh:/usr/local/bin/wp-init.sh'
+        command: >
+            /bin/sh -c '
+                sleep 45;
+                echo "WP CLI init";
+                wp core update --force;
+                wp core update-db --network;
+                wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins;
+                # wp option update timezone_string "Manual Offsets/UTC+2";
+                # wp option update date_format "Y-m-d";
+                wp option update time_format "H:i";
+                # wp plugin install permalink-manager --force --activate-network;
+                wp plugin install pods --activate-network;
+                wp plugin install polylang --activate-network;
+                wp plugin install wordpress-seo --activate-network;
+                wp plugin install loco-translate --activate-network;
+                wp plugin install google-sitemap-generator --activate-network;
+                wp plugin update --all;
+                wp plugin activate akismet --network;
+                wp plugin activate biuro-contacts --network;
+                wp plugin activate biuro-feedbacks --network;
+                wp plugin activate biuro-html --network;
+                wp plugin activate biuro-sections --network;
+                wp plugin activate biuro-services --network;
+                wp plugin activate biuro-values --network;
+                wp plugin activate cookies-warning --network;
+                wp plugin activate data-controller --network;
+                wp theme update --all;
+                wp theme activate biuro;
+                wp language core update;
+                wp language theme update --all;
+                wp language plugin update --all;
+                echo "WP CLI done. Ready to use.";
+            '
+
+networks:
+    front:
+        name: "${PROJECT}-front"
+    back:
+        name: "${PROJECT}-back"
+
+volumes:
+        wordpress: { }
+        wp-content: { }

nginx/.htpasswd

+biuro_wp_api:$apr1$vvI07kKw$MysnayQWamZReKludVojG.

nginx/conf.d/server-shared.conf

+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/content-security-policy.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/strict-transport-security.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-frame-options.conf;
+include h5bp/security/x-xss-protection.conf;
+include h5bp/location/security_file_access.conf;
+include h5bp/location/web_performance_cache_expiration.conf;
+include h5bp/web_performance/no-transform.conf;
+include h5bp/cross-origin/requests.conf;
+
+root /var/www/html;
+index index.php;
+
+location / {
+    try_files $uri $uri/ /index.php?$args;
+}
+
+location /wp-json/api/v1/contacts {
+    try_files $uri $uri/ /index.php?$args;
+    auth_basic "Basic auth";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+    # auth_basic_user_file /var/www/html/.htpasswd;
+}
+
+location ~ \.php$ {
+    try_files $uri =404;
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+    fastcgi_pass wordpress:9000;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+}

nginx/conf.d/www-biuro.conf

+server {
+    listen      80;
+    listen [::]:80;
+    server_name  biuro.lt www.biuro.lt;
+    return       301 https://www.biuro.lt$request_uri;
+}
+
+# server {
+#     listen      80;
+#     listen [::]:80;
+#     server_name biuro.lt www.biuro.lt biuro.lv www.biuro.lv biuro.ee www.biuro.ee;
+
+#     location ^~ /.well-known {
+#         allow all;
+#         default_type "text/plain";
+#         root  /data/letsencrypt/;
+#     }
+
+#     location / {
+#         rewrite ^ https://$host$request_uri? permanent;
+#     }
+# }
+
+
+server {
+    listen      443          ssl http2;
+    listen [::]:443          ssl http2;
+    server_name biuro.lt;
+
+    include /etc/nginx/conf.d/server-shared.conf;
+
+    ssl_certificate                 /etc/letsencrypt/biuro.lt/fullchain.pem;
+    ssl_certificate_key          /etc/letsencrypt/biuro.lt/private.key;
+
+    return 301 https://www.biuro.lt$request_uri;
+}
+
+server {
+    listen      443         ssl http2;
+    listen [::]:443         ssl http2;
+    server_name         www.biuro.lt;
+
+    include /etc/nginx/conf.d/server-shared.conf;
+
+    ssl_certificate                 /etc/letsencrypt/biuro.lt/fullchain.pem;
+    ssl_certificate_key          /etc/letsencrypt/biuro.lt/private.key;
+
+    # 301 redirects
+    include redirects/biuro.lt.conf;
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# server {
+#     listen      443         ssl http2;
+#     listen [::]:443         ssl http2;
+#     server_name        biuro.lv www.biuro.lv;
+
+#     include /etc/nginx/conf.d/server-shared.conf;
+
+#     ssl_certificate                 /etc/letsencrypt/biuro.lv/fullchain.pem;
+#     ssl_certificate_key          /etc/letsencrypt/biuro.lv/private.key;
+
+#     # 301 redirects
+#     include redirects/biuro.lv.conf;
+# }
+
+
+# server {
+#     listen      443         ssl http2;
+#     listen [::]:443         ssl http2;
+#     server_name        biuro.ee www.biuro.ee;
+
+#     include /etc/nginx/conf.d/server-shared.conf;
+
+#     ssl_certificate                 /etc/letsencrypt/biuro.ee/fullchain.pem;
+#     ssl_certificate_key          /etc/letsencrypt/biuro.ee/private.key;
+
+#     # 301 redirects
+#     include         redirects/biuro.ee.conf;
+# }

nginx/h5bp/basic.conf

+# Nginx Server Configs | MIT License
+# https://github.com/h5bp/server-configs-nginx
+
+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/content-security-policy.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-frame-options.conf;
+include h5bp/security/x-xss-protection.conf;
+include h5bp/location/security_file_access.conf;
+include h5bp/web_performance/no-transform.conf;
+include h5bp/cross-origin/requests.conf;

nginx/h5bp/cross-origin/requests.conf

+# ----------------------------------------------------------------------
+# | Cross-origin requests                                              |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin requests.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+# https://enable-cors.org/
+# https://www.w3.org/TR/cors/
+
+# (!) Do not use this without understanding the consequences.
+#     This will permit access from any other website.
+#
+# Instead of using this file, consider using a specific rule such as:
+#
+# Allow access based on [sub]domain:
+#    add_header Access-Control-Allow-Origin "subdomain.example.com";
+
+add_header Access-Control-Allow-Origin $cors;

nginx/h5bp/cross-origin/resource_timing.conf

+# ----------------------------------------------------------------------
+# | Cross-origin resource timing                                       |
+# ----------------------------------------------------------------------
+
+# Allow cross-origin access to the timing information for all resources.
+#
+# If a resource isn't served with a `Timing-Allow-Origin` header that
+# would allow its timing information to be shared with the document,
+# some of the attributes of the `PerformanceResourceTiming` object will
+# be set to zero.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin
+# https://www.w3.org/TR/resource-timing/
+# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
+
+add_header Timing-Allow-Origin "*";

nginx/h5bp/errors/custom_errors.conf

+# ----------------------------------------------------------------------
+# | Custom error messages/pages                                        |
+# ----------------------------------------------------------------------
+
+# Customize what Nginx returns to the client in case of an error.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page
+
+error_page 404 /404.html;

nginx/h5bp/internet_explorer/x-ua-compatible.conf

+# ----------------------------------------------------------------------
+# | Document modes                                                     |
+# ----------------------------------------------------------------------
+
+# Force Internet Explorer 8/9/10 to render pages in the highest mode
+# available in the various cases when it may not.
+#
+# https://hsivonen.fi/doctype/#ie8
+#
+# (!) Starting with Internet Explorer 11, document modes are deprecated.
+# If your business still relies on older web apps and services that were
+# designed for older versions of Internet Explorer, you might want to
+# consider enabling `Enterprise Mode` throughout your company.
+#
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
+# https://msdn.microsoft.com/en-us/library/ff955275.aspx
+
+add_header X-UA-Compatible $x_ua_compatible;

nginx/h5bp/location/security_file_access.conf

+# ----------------------------------------------------------------------
+# | File access                                                        |
+# ----------------------------------------------------------------------
+
+# Block access to all hidden files and directories with the exception of
+# the visible content from within the `/.well-known/` hidden directory.
+#
+# These types of files usually contain user preferences or the preserved
+# state of an utility, and can include rather private places like, for
+# example, the `.git` or `.svn` directories.
+#
+# The `/.well-known/` directory represents the standard (RFC 5785) path
+# prefix for "well-known locations" (e.g.: `/.well-known/manifest.json`,
+# `/.well-known/keybase.txt`), and therefore, access to its visible
+# content should not be blocked.
+#
+# https://www.mnot.net/blog/2010/04/07/well-known
+# https://tools.ietf.org/html/rfc5785
+
+location ~* /\.(?!well-known\/) {
+  deny all;
+}
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Block access to files that can expose sensitive information.
+#
+# By default, block access to backup and source files that may be
+# left by some text editors and can pose a security risk when anyone
+# has access to them.
+#
+# https://feross.org/cmsploit/
+#
+# (!) Update the `location` regular expression from below to
+# include any files that might end up on your production server and
+# can expose sensitive information about your website. These files may
+# include: configuration files, files that contain metadata about the
+# project (e.g.: project dependencies), build scripts, etc..
+
+location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
+  deny all;
+}

nginx/h5bp/location/web_performance_cache_expiration.conf

+# ----------------------------------------------------------------------
+# | Cache expiration                                                   |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expiration date.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
+# https://nginx.org/en/docs/http/ngx_http_headers_module.html#expires
+
+# No default expire rule. This config mirrors that of apache as outlined in the
+# html5-boilerplate .htaccess file. However, nginx applies rules by location,
+# the apache rules are defined by type. A consequence of this difference is that
+# if you use no file extension in the url and serve html, with apache you get an
+# expire time of 0s, with nginx you'd get an expire header of one month in the
+# future (if the default expire rule is 1 month). Therefore, do not use a
+# default expire rule with nginx unless your site is completely static
+
+# Documents
+location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+  expires 0;
+}
+
+# Feeds
+location ~* \.(?:rss|atom)$ {
+  expires 1h;
+}
+
+# Media files
+location ~* \.(?:webp|jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
+  access_log off;
+  expires 1M;
+}
+
+# Media: svgz files are already compressed.
+location ~* \.svgz$ {
+  access_log off;
+  gzip off;
+  expires 1M;
+}
+
+# CSS and JavaScript
+location ~* \.(?:css|js)$ {
+  expires 1y;
+  access_log off;
+}
+
+# Web fonts
+# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
+location ~* \.(?:eot|otf|tt[cf]|woff2?)$ {
+  expires 1M;
+  access_log off;
+}

nginx/h5bp/location/web_performance_filename-based_cache_busting.conf

+# ----------------------------------------------------------------------
+# | Filename-based cache busting                                       |
+# ----------------------------------------------------------------------
+
+# If you're not using a build process to manage your filename version
+# revving, you might want to consider enabling the following directives
+#
+# To understand why this is important and even a better solution than
+# using something like `*.css?v231`, please see:
+# https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
+
+location ~* (.+)\.(?:\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ {
+  try_files $uri $1.$2;
+}

nginx/h5bp/media_types/character_encodings.conf

+# ----------------------------------------------------------------------
+# | Character encodings                                                |
+# ----------------------------------------------------------------------
+
+# Serve all resources labeled as `text/html` or `text/plain`
+# with the media type `charset` parameter set to `UTF-8`.
+#
+# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
+
+charset utf-8;
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Update charset_types to match updated mime.types.
+# text/html is always included by charset module.
+# Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml
+#
+# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types
+
+charset_types
+    text/css
+    text/plain
+    text/vnd.wap.wml
+    text/javascript
+    text/markdown
+    text/calendar
+    text/x-component
+    text/vcard
+    text/cache-manifest
+    text/vtt
+    application/json
+    application/manifest+json;

nginx/h5bp/media_types/media_types.conf

+# ----------------------------------------------------------------------
+# | Media types                                                        |
+# ----------------------------------------------------------------------
+
+# Serve resources with the proper media types (f.k.a. MIME types).
+#
+# https://www.iana.org/assignments/media-types/media-types.xhtml
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#types
+
+include mime.types;
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+# Default: text/plain
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
+
+default_type application/octet-stream;

nginx/h5bp/security/content-security-policy.conf

+# ----------------------------------------------------------------------
+# | Content Security Policy (CSP)                                      |
+# ----------------------------------------------------------------------
+
+# Mitigate the risk of cross-site scripting and other content-injection
+# attacks.
+#
+# This can be done by setting a `Content Security Policy` which
+# whitelists trusted sources of content for your website.
+#
+# The example header below allows ONLY scripts that are loaded from
+# the current website's origin (no inline scripts, no CDN, etc).
+# That almost certainly won't work as-is for your website!
+#
+# To make things easier, you can use an online CSP header generator
+# such as: https://www.cspisawesome.com/.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# https://www.w3.org/TR/CSP3/
+# https://content-security-policy.com/
+# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
+
+add_header Content-Security-Policy $content_security_policy always;

nginx/h5bp/security/referrer-policy.conf

+# ----------------------------------------------------------------------
+# | Referrer Policy                                                    |
+# ----------------------------------------------------------------------
+
+# A web application uses HTTPS and a URL-based session identifier.
+# The web application might wish to link to HTTPS resources on other
+# web sites without leaking the user's session identifier in the URL.
+#
+# This can be done by setting a `Referrer Policy` which
+# whitelists trusted sources of content for your website.
+#
+# To check your referrer policy, you can use an online service
+# such as: https://securityheaders.io/.
+#
+# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+
+add_header Referrer-Policy $referrer_policy always;

nginx/h5bp/security/server_software_information.conf

+# ----------------------------------------------------------------------
+# | Server software information                                        |
+# ----------------------------------------------------------------------
+
+# Prevent Nginx from sending in the `Server` response header its
+# exact version number.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
+
+server_tokens off;

nginx/h5bp/security/strict-transport-security.conf

+# ----------------------------------------------------------------------
+# | HTTP Strict Transport Security (HSTS)                              |
+# ----------------------------------------------------------------------
+
+# Force client-side SSL redirection.
+#
+# If a user types `example.com` in their browser, even if the server
+# redirects them to the secure version of the website, that still leaves
+# a window of opportunity (the initial HTTP connection) for an attacker
+# to downgrade or redirect the request.
+#
+# The following header ensures that browser will ONLY connect to your
+# server via HTTPS, regardless of what the users type in the browser's
+# address bar.
+#
+# (!) Be aware that this, once published, is not revokable and you must ensure
+# being able to serve the site via SSL for the duration you've specified
+# in max-age. When you don't have a valid SSL connection (anymore) your
+# visitors will see a nasty error message even when attempting to connect
+# via simple HTTP.
+#
+# (!) Remove the `includeSubDomains` optional directive if the website's
+# subdomains are not using HTTPS.
+#
+# (1) If you want to submit your site for HSTS preload (2) you must
+#     * ensure the `includeSubDomains` directive to be present
+#     * the `preload` directive to be specified
+#     * the `max-age` to be at least 31536000 seconds (1 year) according to the current status.
+#
+#     It is also advised (3) to only serve the HSTS header via a secure connection.
+#
+# (2) https://hstspreload.org/
+# (3) https://tools.ietf.org/html/rfc6797#section-7.2
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# https://tools.ietf.org/html/rfc6797#section-6.1
+# https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
+# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
+
+add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always;
+# (1) or if HSTS preloading is desired (respect (2) for current requirements):
+# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

nginx/h5bp/security/x-content-type-options.conf

+# ----------------------------------------------------------------------
+# | Reducing MIME type security risks                                  |
+# ----------------------------------------------------------------------
+
+# Prevent some browsers from MIME-sniffing the response.
+#
+# This reduces exposure to drive-by download attacks and cross-origin
+# data leaks, and should be left uncommented, especially if the server
+# is serving user-uploaded content or content that could potentially be
+# treated as executable by the browser.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
+# https://mimesniff.spec.whatwg.org/
+
+add_header X-Content-Type-Options nosniff always;

nginx/h5bp/security/x-frame-options.conf

+# ----------------------------------------------------------------------
+# | Clickjacking                                                       |
+# ----------------------------------------------------------------------
+
+# Protect website against clickjacking.
+#
+# The example below sends the `X-Frame-Options` response header with
+# the value `DENY`, informing browsers not to display the content of
+# the web page in any frame.
+#
+# This might not be the best setting for everyone. You should read
+# about the other two possible values the `X-Frame-Options` header
+# field can have: `SAMEORIGIN` and `ALLOW-FROM`.
+# https://tools.ietf.org/html/rfc7034#section-2.1.
+#
+# Keep in mind that while you could send the `X-Frame-Options` header
+# for all of your website’s pages, this has the potential downside that
+# it forbids even non-malicious framing of your content (e.g.: when
+# users visit your website using a Google Image Search results page).
+#
+# Nonetheless, you should ensure that you send the `X-Frame-Options`
+# header for all pages that allow a user to make a state changing
+# operation (e.g: pages that contain one-click purchase links, checkout
+# or bank-transfer confirmation pages, pages that make permanent
+# configuration changes, etc.).
+#
+# Sending the `X-Frame-Options` header can also protect your website
+# against more than just clickjacking attacks:
+# https://cure53.de/xfo-clickjacking.pdf.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+# https://tools.ietf.org/html/rfc7034
+# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
+# https://www.owasp.org/index.php/Clickjacking
+
+add_header X-Frame-Options $x_frame_options always;

nginx/h5bp/security/x-xss-protection.conf

+# ----------------------------------------------------------------------
+# | Reflected Cross-Site Scripting (XSS) attacks                       |
+# ----------------------------------------------------------------------
+
+# (1) Try to re-enable the cross-site scripting (XSS) filter built
+#     into most web browsers.
+#
+#     The filter is usually enabled by default, but in some cases it
+#     may be disabled by the user. However, in Internet Explorer for
+#     example, it can be re-enabled just by sending the
+#     `X-XSS-Protection` header with the value of `1`.
+#
+# (2) Prevent web browsers from rendering the web page if a potential
+#     reflected (a.k.a non-persistent) XSS attack is detected by the
+#     filter.
+#
+#     By default, if the filter is enabled and browsers detect a
+#     reflected XSS attack, they will attempt to block the attack
+#     by making the smallest possible modifications to the returned
+#     web page.
+#
+#     Unfortunately, in some browsers (e.g.: Internet Explorer),
+#     this default behavior may allow the XSS filter to be exploited,
+#     thereby, it's better to inform browsers to prevent the rendering
+#     of the page altogether, instead of attempting to modify it.
+#
+#     https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
+#
+# (!) Do not rely on the XSS filter to prevent XSS attacks! Ensure that
+#     you are taking all possible measures to prevent XSS attacks, the
+#     most obvious being: validating and sanitizing your website's inputs.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
+# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
+# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
+
+add_header X-XSS-Protection $x_xss_protection always;

nginx/h5bp/ssl/certificate_files.conf

+# ----------------------------------------------------------------------
+# | Certificate files                                                  |
+# ----------------------------------------------------------------------
+
+# This default SSL certificate will be served whenever the client lacks
+# support for SNI (Server Name Indication).
+# Make it a symlink to the most important certificate you have, so that
+# users of IE 8 and below on WinXP can see your main site without SSL errors.
+#
+# (1) Certificate and key files location
+#     The certificate file can contain intermediate certificate.
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
+#
+# (2) Intermediate certificate location if loaded certificate (1) does not
+#     contain intermediate certificate when enabling OCSP stanpling.
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
+#
+# (3) CA certificate file location for client certificate authentication
+#
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate
+
+# (1)
+ssl_certificate /etc/nginx/certs/default.crt;
+ssl_certificate_key /etc/nginx/certs/default.key;
+
+# (2)
+# ssl_trusted_certificate /path/to/ca.crt;
+
+# (3)
+# ssl_client_certificate /etc/nginx/default_ssl.crt;

nginx/h5bp/ssl/ocsp_stapling.conf

+# ----------------------------------------------------------------------
+# | Online Certificate Status Protocol stapling                        |
+# ----------------------------------------------------------------------
+
+# OCSP is a lightweight, only one record to help clients verify the
+# validity of the server certificate.
+# OCSP stapling allow the server to send its cached OCSP record during
+# the TLS handshake, whithout the need of 3rd party OCSP responder.
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
+# https://tools.ietf.org/html/rfc6066#section-8
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
+
+ssl_stapling on;
+ssl_stapling_verify on;
+
+resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
+resolver_timeout 2s;

nginx/h5bp/ssl/policy_deprecated.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Deprecated                                            |
+# ----------------------------------------------------------------------
+
+# For services that don't need compatibility with legacy clients
+# (mostly WinXP), but still need to support a wide range of clients,
+# this configuration is recommended.
+#
+# Protect against the BEAST and POODLE attacks by not using SSLv3 at all.
+# If you need to support older browsers (IE6) you may need to add
+# SSLv3 to the list of protocols.
+#
+# Based on intermediate profile recommended by Mozilla.
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+#
+# (1) Diffie-Hellman parameter for DHE cipher suites
+#     A 4096 bits or more DH parameter is recommended.
+#     (!) A DH parameter generation is required to enable this directive.
+#         openssl dhparam -out /etc/nginx/dhparam.pem 4096
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA;
+ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
+
+# (1)
+# ssl_dhparam /etc/nginx/dhparam.pem;

nginx/h5bp/ssl/policy_intermediate.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Intermediate                                          |
+# ----------------------------------------------------------------------
+
+# For services that don't need backward compatibility, the parameters
+# below provide a higher level of security.
+#
+# (!) This policy enfore a strong SSL configuration, which may raise
+#     errors with old clients.
+#     If a more compatible profile is required, use intermediate policy.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known
+#     to be weak and potentially vulnerable but are required to support
+#     Microsoft Edge and Safari.
+#     https://safecurves.cr.yp.to/
+#
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1.2;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
+
+# (1)
+# ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;

nginx/h5bp/ssl/policy_modern.conf

+# ----------------------------------------------------------------------
+# | SSL policy - Modern                                                |
+# ----------------------------------------------------------------------
+
+# For services that want to be on the bleeding edge, the parameters
+# below sacrifice compatibility for the highest level of security & performance
+#
+# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+#     to be installed.
+#
+# (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
+#     subject to replay attacks.
+#
+# (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
+#     and potentially vulnerable.
+#
+#     Add them back to the parameter `ssl_ecdh_curve` below to support
+#     Microsoft Edge and Safari.
+#
+#     https://safecurves.cr.yp.to/
+#
+# (2) Enables TLS 1.3 0-RTT, allows for faster resumption of TLS sessions.
+#
+# (!) Requests sent within early data are subject to replay attacks.
+#     To protect against such attacks at the application layer, the
+#     $ssl_early_data variable should be used:
+#       proxy_set_header Early-Data $ssl_early_data;
+#
+#     The application should return response code 425 for anything that
+#     could contain user supplied data.
+#
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425
+#
+# https://github.com/certbot/certbot/issues/6367
+# https://github.com/mozilla/server-side-tls/issues/217
+# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES;
+
+# (1)
+ssl_ecdh_curve X25519;
+
+# (2)
+#ssl_early_data on;

nginx/h5bp/ssl/ssl_engine.conf

+# ----------------------------------------------------------------------
+# | SSL engine                                                         |
+# ----------------------------------------------------------------------
+
+# (1) Optimize SSL by caching session parameters for 10 minutes.
+#     This cuts down on the number of expensive SSL handshakes.
+#     By enabling a cache, we tell the client to re-use the already
+#     negotiated state.
+#     A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
+#
+# (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
+#     (!) Shouldn't be done unless you serve primarily HTTPS.
+#     Default is 75s
+#
+# (3) SSL buffer size
+#     Set 1400 bytes to fit in one MTU
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
+#
+# (4) Disable session tickets
+#     Session tickets keys are not auto-rotated. Only a HUP / restart
+#     will do so and when a restart is performed the previous key is
+#     lost, which resets all previous sessions.
+#     Only enable session tickets if you setup a manual rotation mechanism.
+#     https://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
+#     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
+#
+# (5) Basic security improvements
+
+# (1)
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 24h;
+
+# (2)
+keepalive_timeout 300s;
+
+# (3)
+# ssl_buffer_size 1400;
+
+# (4)
+ssl_session_tickets off;
+
+# (5)
+ssl_prefer_server_ciphers on;

nginx/h5bp/web_performance/cache-file-descriptors.conf

+# ----------------------------------------------------------------------
+# | Cache file-descriptors                                             |
+# ----------------------------------------------------------------------
+
+# This tells nginx to cache open file handles, "not found" errors and
+# metadata about files and their permissions.
+#
+# Based on these cached metadata, nginx can immediately begin sending
+# data when a popular file is requested, and will also know to
+# immediately send a 404 if a file is missing on disk, and so on.
+#
+# (!) It also means that the server won't react immediately to changes
+#     on disk, which may be undesirable.
+#     As only metadata are cached, edited files may be troncated until
+#     the cache is refreshed.
+#     https://github.com/h5bp/server-configs-nginx/issues/203
+#
+# In the below configuration, inactive files are released from the cache
+# after 20 seconds, whereas active (recently requested) files are
+# re-validated every 30 seconds.
+# Descriptors will not be cached unless they are used at least 2 times
+# within 20 seconds (the inactive time).
+# A maximum of the 1000 most recently used file descriptors can be
+# cached at any time.
+#
+# Production servers with stable file collections will definitely want
+# to enable the cache.
+#
+# https://nginx.org/en/docs/http/ngx_http_core_module.html#open_file_cache
+
+open_file_cache max=1000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;

nginx/h5bp/web_performance/cache_expiration.conf

+# ----------------------------------------------------------------------
+# | Cache expiration                                                   |
+# ----------------------------------------------------------------------
+
+# Serve resources with far-future expiration date.
+#
+# (!) If you don't control versioning with filename-based
+# cache busting, you should consider lowering the cache times
+# to something like one week.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
+# https://nginx.org/en/docs/http/ngx_http_headers_module.html#expires
+
+map $sent_http_content_type $expires {
+  default                               1M;
+
+  # CSS
+  text/css                              1y;
+
+  # Data interchange
+  application/atom+xml                  1h;
+  application/rdf+xml                   1h;
+  application/rss+xml                   1h;
+
+  application/json                      0;
+  application/ld+json                   0;
+  application/schema+json               0;
+  application/geo+json                  0;
+  application/xml                       0;
+  text/calendar                         0;
+  text/xml                              0;
+
+  # Favicon (cannot be renamed!) and cursor images
+  image/vnd.microsoft.icon              1w;
+  image/x-icon                          1w;
+
+  # HTML
+  text/html                             0;
+
+  # JavaScript
+  application/javascript                1y;
+  application/x-javascript              1y;
+  text/javascript                       1y;
+
+  # Manifest files
+  application/manifest+json             1w;
+  application/x-web-app-manifest+json   0;
+  text/cache-manifest                   0;
+
+
+  # Markdown
+  text/markdown                         0;
+
+  # Media files
+  audio/ogg                             1M;
+  image/bmp                             1M;
+  image/gif                             1M;
+  image/jpeg                            1M;
+  image/png                             1M;
+  image/svg+xml                         1M;
+  image/webp                            1M;
+  video/mp4                             1M;
+  video/ogg                             1M;
+  video/webm                            1M;
+
+  # WebAssembly
+  application/wasm                      1y;
+
+  # Web fonts
+  font/collection                       1M;
+  application/vnd.ms-fontobject         1M;
+  font/eot                              1M;
+  font/opentype                         1M;
+  font/otf                              1M;
+  application/x-font-ttf                1M;
+  font/ttf                              1M;
+  application/font-woff                 1M;
+  application/x-font-woff               1M;
+  font/woff                             1M;
+  application/font-woff2                1M;
+  font/woff2                            1M;
+
+  # Other
+  text/x-cross-domain-policy            1w;
+}
+
+expires $expires;

nginx/h5bp/web_performance/compression-brotli.conf

+# ----------------------------------------------------------------------
+# | Compression brotli                                                 |
+# ----------------------------------------------------------------------
+
+   brotli on;
+   brotli_comp_level 6;
+   brotli_types application/eot application/x-otf application/font application/x-perl application/font-sfnt application/x-ttf application/javascript
+               font/eot application/json font/ttf application/opentype font/otf application/otf font/opentype application/pkcs7-mime image/svg+xml
+               application/truetype text/css application/ttf text/csv application/vnd.ms-fontobject application/xhtml+xml text/javascript
+               application/xml text/js application/xml+rss text/plain application/x-font-opentype text/richtext application/x-font-truetype
+               text/tab-separated-values application/x-font-ttf text/xml application/x-httpd-cgi text/x-script application/x-javascript
+               text/x-component application/x-mpegurl text/x-java-source application/x-opentype
+               ;

nginx/h5bp/web_performance/compression.conf

+# ----------------------------------------------------------------------
+# | Compression                                                        |
+# ----------------------------------------------------------------------
+
+# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+
+# Enable gzip compression.
+# Default: off
+gzip on;
+
+# Compression level (1-9).
+# 5 is a perfect compromise between size and CPU usage, offering about
+# 75% reduction for most ASCII files (almost identical to level 9).
+# Default: 1
+gzip_comp_level 5;
+
+# Don't compress anything that's already small and unlikely to shrink much
+# if at all (the default is 20 bytes, which is bad as that usually leads to
+# larger files after gzipping).
+# Default: 20
+gzip_min_length 256;
+
+# Compress data even for clients that are connecting to us via proxies,
+# identified by the "Via" header (required for CloudFront).
+# Default: off
+gzip_proxied any;
+
+# Tell proxies to cache both the gzipped and regular version of a resource
+# whenever the client's Accept-Encoding capabilities header varies;
+# Avoids the issue where a non-gzip capable client (which is extremely rare
+# today) would display gibberish if their proxy gave them the gzipped version.
+# Default: off
+gzip_vary on;
+
+# Compress all output labeled with one of the following MIME-types.
+# text/html is always compressed by gzip module.
+# Default: text/html
+gzip_types
+  application/atom+xml
+  application/javascript
+  application/json
+  application/ld+json
+  application/manifest+json
+  application/rss+xml
+  application/geo+json
+  application/vnd.ms-fontobject
+  application/x-web-app-manifest+json
+  application/xhtml+xml
+  application/xml
+  application/rdf+xml
+  font/otf
+  application/wasm
+  image/bmp
+  image/svg+xml
+  text/cache-manifest
+  text/css
+  text/javascript
+  text/plain
+  text/markdown
+  text/vcard
+  text/calendar
+  text/vnd.rim.location.xloc
+  text/vtt
+  text/x-component
+  text/x-cross-domain-policy;
+
+# This should be turned on if you are going to have pre-compressed copies (.gz) of
+# static files available. If not it should be left off as it will cause extra I/O
+# for the check. It is best if you enable this in a location{} block for
+# a specific directory, or on an individual server{} level.
+# gzip_static on;

nginx/h5bp/web_performance/no-transform.conf

+# ----------------------------------------------------------------------
+# | Content transformation                                             |
+# ----------------------------------------------------------------------
+
+# Prevent intermediate caches or proxies (e.g.: such as the ones
+# used by mobile network providers) from modifying the website's
+# content.
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://tools.ietf.org/html/rfc2616#section-14.9.5
+#
+# (!) If you are using `ngx_pagespeed`, please note that setting
+# the `Cache-Control: no-transform` response header will prevent
+# `PageSpeed` from rewriting `HTML` files, and, if the
+# `pagespeed DisableRewriteOnNoTransform off` directive isn't used,
+# also from rewriting other resources.
+#
+# https://developers.google.com/speed/pagespeed/module/configuration#notransform
+
+add_header Cache-Control "no-transform";

nginx/mime.types

+types {
+
+  # Data interchange
+
+    application/atom+xml                  atom;
+    application/json                      json map topojson;
+    application/ld+json                   jsonld;
+    application/rss+xml                   rss;
+    # Normalize to standard type.
+    # https://tools.ietf.org/html/rfc7946#section-12
+    application/geo+json                  geojson;
+    application/xml                       xml;
+    # Normalize to standard type.
+    # https://tools.ietf.org/html/rfc3870#section-2
+    application/rdf+xml                   rdf;
+
+
+  # JavaScript
+
+    # Servers should use text/javascript for JavaScript resources.
+    # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
+    text/javascript                       js mjs;
+    application/wasm                      wasm;
+
+
+  # Manifest files
+
+    application/manifest+json             webmanifest;
+    application/x-web-app-manifest+json   webapp;
+    text/cache-manifest                   appcache;
+
+
+  # Media files
+
+    audio/midi                            mid midi kar;
+    audio/mp4                             aac f4a f4b m4a;
+    audio/mpeg                            mp3;
+    audio/ogg                             oga ogg opus;
+    audio/x-realaudio                     ra;
+    audio/x-wav                           wav;
+    audio/x-matroska                      mka;
+    image/bmp                             bmp;
+    image/gif                             gif;
+    image/jpeg                            jpeg jpg;
+    image/jxr                             jxr hdp wdp;
+    image/png                             png;
+    image/svg+xml                         svg svgz;
+    image/tiff                            tif tiff;
+    image/vnd.wap.wbmp                    wbmp;
+    image/webp                            webp;
+    image/x-jng                           jng;
+    video/3gpp                            3gp 3gpp;
+    video/mp4                             f4p f4v m4v mp4;
+    video/mpeg                            mpeg mpg;
+    video/ogg                             ogv;
+    video/quicktime                       mov;
+    video/webm                            webm;
+    video/x-flv                           flv;
+    video/x-mng                           mng;
+    video/x-ms-asf                        asf asx;
+    video/x-ms-wmv                        wmv;
+    video/x-msvideo                       avi;
+    video/x-matroska                      mkv mk3d;
+
+    # Serving `.ico` image files with a different media type
+    # prevents Internet Explorer from displaying then as images:
+    # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
+
+    image/x-icon                          cur ico;
+
+
+  # Microsoft Office
+
+    application/msword                                                         doc;
+    application/vnd.ms-excel                                                   xls;
+    application/vnd.ms-powerpoint                                              ppt;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;
+
+
+  # Web fonts
+
+    font/woff                             woff;
+    font/woff2                            woff2;
+    application/vnd.ms-fontobject         eot;
+    font/ttf                              ttf;
+    font/collection                       ttc;
+    font/otf                              otf;
+
+
+  # Other
+
+    application/java-archive              ear jar war;
+    application/mac-binhex40              hqx;
+    application/octet-stream              bin deb dll dmg exe img iso msi msm msp safariextz;
+    application/pdf                       pdf;
+    application/postscript                ai eps ps;
+    application/rtf                       rtf;
+    application/vnd.google-earth.kml+xml  kml;
+    application/vnd.google-earth.kmz      kmz;
+    application/vnd.wap.wmlc              wmlc;
+    application/x-7z-compressed           7z;
+    application/x-bb-appworld             bbaw;
+    application/x-bittorrent              torrent;
+    application/x-chrome-extension        crx;
+    application/x-cocoa                   cco;
+    application/x-java-archive-diff       jardiff;
+    application/x-java-jnlp-file          jnlp;
+    application/x-makeself                run;
+    application/x-opera-extension         oex;
+    application/x-perl                    pl pm;
+    application/x-pilot                   pdb prc;
+    application/x-rar-compressed          rar;
+    application/x-redhat-package-manager  rpm;
+    application/x-sea                     sea;
+    application/x-shockwave-flash         swf;
+    application/x-stuffit                 sit;
+    application/x-tcl                     tcl tk;
+    application/x-x509-ca-cert            crt der pem;
+    application/x-xpinstall               xpi;
+    application/xhtml+xml                 xhtml;
+    application/xslt+xml                  xsl;
+    application/zip                       zip;
+    text/css                              css;
+    text/csv                              csv;
+    text/html                             htm html shtml;
+    text/markdown                         md markdown;
+    text/mathml                           mml;
+    text/plain                            txt;
+    text/vcard                            vcard vcf;
+    text/calendar                         ics;
+    text/vnd.rim.location.xloc            xloc;
+    text/vnd.sun.j2me.app-descriptor      jad;
+    text/vnd.wap.wml                      wml;
+    text/vtt                              vtt;
+    text/x-component                      htc;
+
+}

nginx/nginx.conf

+# Configuration File - Nginx Server Configs
+# https://nginx.org/en/docs/
+
+# Run as a unique, less privileged user for security reasons.
+# Default: nobody nobody
+# https://nginx.org/en/docs/ngx_core_module.html#user
+# https://en.wikipedia.org/wiki/Principle_of_least_privilege
+user nginx;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+# Default: 1
+# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+# Default: no limit
+# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile
+worker_rlimit_nofile 8192;
+
+# Provides the configuration file context in which the directives
+# that affect connection processing are specified.
+# https://nginx.org/en/docs/ngx_core_module.html#events
+events {
+
+  # If you need more connections than this, you start optimizing your OS.
+  # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
+  # Should be < worker_rlimit_nofile.
+  # Default: 512
+  # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
+  worker_connections 8000;
+
+}
+
+# Log errors and warnings to this file
+# This is only used when you don't override it on a server{} level
+# Default: logs/error.log error
+# https://nginx.org/en/docs/ngx_core_module.html#error_log
+error_log /var/log/nginx/error.log warn;
+
+# The file storing the process ID of the main process
+# Default: logs/nginx.pid
+# https://nginx.org/en/docs/ngx_core_module.html#pid
+pid /var/run/nginx.pid;
+
+http {
+
+  # Hide nginx version information.
+  include h5bp/security/server_software_information.conf;
+
+  # Specify MIME types for files.
+  include h5bp/media_types/media_types.conf;
+
+  # Set character encodings.
+  include h5bp/media_types/character_encodings.conf;
+
+  # Include $http_x_forwarded_for within default format used in log files
+  # https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # Log access to this file
+  # This is only used when you don't override it on a server{} level
+  # Default: logs/access.log combined
+  # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
+  access_log /var/log/nginx/access.log main;
+
+  # How long to allow each connection to stay idle.
+  # Longer values are better for each individual client, particularly for SSL,
+  # but means that worker connections are tied up longer.
+  # Default: 75s
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
+  # keepalive_timeout 20s;
+
+  # Speed up file transfers by using sendfile() to copy directly
+  # between descriptors rather than using read()/write().
+  # For performance reasons, on FreeBSD systems w/ ZFS
+  # this option should be disabled as ZFS's ARC caches
+  # frequently used files in RAM by default.
+  # Default: off
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
+  sendfile on;
+
+  # Don't send out partial frames; this increases throughput
+  # since TCP frames are filled up before being sent out.
+  # Default: off
+  # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
+  tcp_nopush on;
+
+  # Enable gzip compression.
+  include h5bp/web_performance/compression.conf;
+
+  # Enable brotli compression.
+  include h5bp/web_performance/compression-brotli.conf;
+
+  # Specify file cache expiration.
+  # include h5bp/web_performance/cache_expiration.conf;
+
+  # Add X-XSS-Protection for HTML documents.
+  # h5bp/security/x-xss-protection.conf
+  map $sent_http_content_type $x_xss_protection {
+    #         (1)    (2)
+    text/html "1; mode=block";
+  }
+
+  # Add X-Frame-Options for HTML documents.
+  # h5bp/security/x-frame-options.conf
+  map $sent_http_content_type $x_frame_options {
+    text/html DENY;
+  }
+
+  # Add Content-Security-Policy for HTML documents.
+  # h5bp/security/content-security-policy.conf
+  map $sent_http_content_type $content_security_policy {
+    text/html "script-src 'self'; object-src 'self'";
+  }
+
+  # Add Referrer-Policy for HTML documents.
+  # h5bp/security/referrer-policy.conf.conf
+  map $sent_http_content_type $referrer_policy {
+    text/html "no-referrer-when-downgrade";
+  }
+
+  # Add X-UA-Compatible for HTML documents.
+  # h5bp/internet_explorer/x-ua-compatible.conf
+  map $sent_http_content_type $x_ua_compatible {
+    text/html "IE=edge";
+  }
+
+  # Add Access-Control-Allow-Origin.
+  # h5bp/cross-origin/requests.conf
+  map $sent_http_content_type $cors {
+    # Images
+    image/bmp     "*";
+    image/gif     "*";
+    image/jpeg    "*";
+    image/png     "*";
+    image/svg+xml "*";
+    image/webp    "*";
+    image/x-icon  "*";
+
+    # Web fonts
+    font/collection               "*";
+    application/vnd.ms-fontobject "*";
+    font/eot                      "*";
+    font/opentype                 "*";
+    font/otf                      "*";
+    application/x-font-ttf        "*";
+    font/ttf                      "*";
+    application/font-woff         "*";
+    application/x-font-woff       "*";
+    font/woff                     "*";
+    application/font-woff2        "*";
+    font/woff2                    "*";
+  }
+
+  # Include files in the conf.d folder.
+  # server{} configuration files should be placed in the conf.d folder.
+  # The configurations should be disabled by prefixing files with a dot.
+
+    include h5bp/ssl/ocsp_stapling.conf;
+    # include h5bp/ssl/policy_modern.conf;
+    # include h5bp/ssl/policy_deprecated.conf;
+    include h5bp/ssl/policy_intermediate.conf;
+    include h5bp/ssl/ssl_engine.conf;
+
+    include /etc/nginx/conf.d/www-biuro.conf;
+}
+
+
+
+# user  nginx;
+# worker_processes  1;
+
+# error_log  /var/log/nginx/error.log warn;
+# pid        /var/run/nginx.pid;
+
+
+# events {
+#     worker_connections  1024;
+# }
+
+
+# http {
+#     include       /etc/nginx/mime.types;
+#     default_type  application/octet-stream;
+
+#     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+#                       '$status $body_bytes_sent "$http_referer" '
+#                       '"$http_user_agent" "$http_x_forwarded_for"';
+
+#     access_log  /var/log/nginx/access.log  main;
+
+#     sendfile        on;
+#     #tcp_nopush     on;
+
+#     keepalive_timeout  65;
+
+#     gzip  on;
+#     brotli on;
+
+#     ################################
+#     # DO WHATEVER YOU WANT HERE :) #
+#     ################################
+
+#     include /etc/nginx/conf.d/*.conf;
+# }

nginx/php.ini

+file_uploads = On
+memory_limit = 64M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600

nginx/redirects/biuro.ee.conf

+# ----------------------------------------------------------------------
+# 301 biuro.ee redirects
+# ----------------------------------------------------------------------
+
+# rewrite ^/toeoepakkumised$ / permanent;
+# rewrite ^/toeoepakkumised/(.*)$ /? permanent;
+
+# Biuro SEO issues
+# https://docs.google.com/spreadsheets/d/1dXP0dh_v2sFajrcwR2_9HONMadCdZQW4Y2dVXvhxG3E/edit?ts=5b5eaa6b#gid=0
+#
+rewrite ^/toeoeandjatele/suvetoo-pank/?$ /toeoeandjatele/ajutine-toeoehoive/ permanent;
+
+# Intertnal ex 302
+rewrite ^/rabotnikam/?$ /rabotnikam/vremennaya-rabota/ permanent;
+rewrite ^/toeoeandjatele/?$ /toeoeandjatele/ajutine-toeoehoive/ permanent;
+rewrite ^/contacts/?$ /contacts/job-seekers/ permanent;
+rewrite ^/toeoeotsijatele/?$ /toeoeotsijatele/ajutine-toeoe/ permanent;
+rewrite ^/o-biuro/?$ /o-biuro/o-nas/ permanent;
+rewrite ^/job-seekers/?$ /job-seekers/temporary-employment-in-estonia/ permanent;
+rewrite ^/home/?$ / permanent;
+rewrite ^/employers/?$ /employers/temporary-employees-in-estonia/ permanent;
+rewrite ^/kontakty/?$ /kontakty/rabotnikam/ permanent;
+rewrite ^/about-biuro/?$ /about-biuro/staffing-agency-in-estonia/ permanent;
+rewrite ^/rabotodatelyam/?$ /rabotodatelyam/vremennoe-trudoustrojstvo/ permanent;
+rewrite ^/kontaktid/?$ /kontaktid/toeoeotsijad/ permanent;
+rewrite (?i)^/Meist/?$ /Meist/meist/ permanent;

nginx/redirects/biuro.lv.conf

+# ----------------------------------------------------------------------
+# 301 biuro.lv redirects
+# ----------------------------------------------------------------------
+
+# rewrite ^/darba-piedavajumi$ / permanent;
+# rewrite ^/darba-piedavajumi/(.*)$ /? permanent;
+
+# Biuro SEO issues
+# https://docs.google.com/spreadsheets/d/1dXP0dh_v2sFajrcwR2_9HONMadCdZQW4Y2dVXvhxG3E/edit?ts=5b5eaa6b#gid=0
+#
+rewrite ^/darba-devejiem/vasaras-darbu-banka/?$ /darba-devejiem/pagaidu-nodarbinatiba/ permanent;
+
+# Intertnal ex 302
+rewrite ^/darba-mekletajiem/?$ /darba-mekletajiem/pagaidu-darbs/ permanent;
+rewrite ^/about-biuro/?$ /about-biuro/staffing-agency-in-latvia/ permanent;
+rewrite ^/contacts/?$ /contacts/job-seekers/ permanent;
+rewrite ^/rabotnikam/?$ /rabotnikam/vremennoe-trudoustrojstvo-v-latvii/ permanent;
+rewrite ^/kontakty/?$ /kontakty/rabotnikam/ permanent;
+rewrite ^/par-biuro/?$ /par-biuro/par-mums/ permanent;
+rewrite ^/employers/?$ /employers/temporary-employees-in-latvia/ permanent;
+rewrite ^/darba-devejiem/?$ /darba-devejiem/pagaidu-nodarbinatiba/ permanent;
+rewrite ^/rabotodatelyam/?$ /rabotodatelyam/vremennye-rabochie-v-latvii/ permanent;
+rewrite ^/o-biuro/?$ /o-biuro/agenstvo-po-naemu-personala-v-latvii/ permanent;
+rewrite ^/home/?$ / permanent;
+rewrite ^/kontakti/?$ /kontakti/darba-mekletajiem/ permanent;
+rewrite ^/job-seekers/?$ /job-seekers/temporary-job-in-latvia/ permanent;

nginx/wp-init.sh

+sleep 20;
+
+echo "WP CLI init"
+
+# !/usr/bin/env sh
+
+# Install WordPress.
+# wp core install \
+#     --path="/var/www/html"\
+#     --title="Biuro" \
+#     --admin_user="biuro" \
+#     --admin_password="laikinas2587" \
+#     --admin_email="info@biuro.eu" \
+#     --url="https://dev.biuro.lt" \
+#     --skip-email
+
+# https://www.exove.com/blog/developing-with-wordpress-part-4-wp-cli-basics/
+
+# https://developer.wordpress.org/cli/commands/
+
+# WP update
+wp core update --force
+wp core update-db --network
+
+# Update permalink structure.
+wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins
+# wp option update timezone_string "Europe/Vilnius"
+# wp option update date_format "Y-m-d"
+wp option update time_format "H:i"
+
+# Install plugins
+# wp plugin install permalink-manager --force --activate-network
+wp plugin install pods --activate-network
+wp plugin install polylang --activate-network
+wp plugin install wordpress-seo --activate-network
+wp plugin install loco-translate --activate-network;
+wp plugin install google-sitemap-generator --activate-network;
+
+# Update all plugins
+wp plugin update --all
+
+# Activate plugin.
+wp plugin activate akismet --network
+
+wp plugin activate biuro-contacts --network
+wp plugin activate biuro-feedbacks --network
+wp plugin activate biuro-html --network
+wp plugin activate biuro-sections --network
+wp plugin activate biuro-services --network
+wp plugin activate biuro-values --network
+
+wp plugin activate cookies-warning --network
+wp plugin activate data-controller --network
+wp plugin activate jobs-importer --network
+
+# WP themes
+wp theme update --all
+wp theme activate biuro
+
+# Update translations
+wp language core update
+wp language theme update --all
+wp language plugin update --all
+
+echo "WP CLI done. Ready to use."

wp-init.sh

+sleep 30;
+
+echo "WP CLI init"
+
+# !/usr/bin/env sh
+
+# Install WordPress.
+# wp core install \
+#     --path="/var/www/html"\
+#     --title="Biuro" \
+#     --admin_user="biuro" \
+#     --admin_password="laikinas2587" \
+#     --admin_email="info@biuro.eu" \
+#     --url="https://dev.biuro.lt" \
+#     --skip-email
+
+# https://www.exove.com/blog/developing-with-wordpress-part-4-wp-cli-basics/
+
+# https://developer.wordpress.org/cli/commands/
+
+# WP update
+wp core update --force
+wp core update-db --network
+
+# Update permalink structure.
+wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins
+# wp option update timezone_string "Europe/Vilnius"
+# wp option update date_format "Y-m-d"
+wp option update time_format "H:i"
+
+# Install plugins
+# wp plugin install permalink-manager --force --activate-network
+wp plugin install pods --activate-network
+wp plugin install polylang --activate-network
+wp plugin install wordpress-seo --activate-network
+wp plugin install loco-translate --activate-network;
+wp plugin install google-sitemap-generator --activate-network;
+
+# Update all plugins
+wp plugin update --all
+
+# Activate plugin.
+wp plugin activate akismet --network
+
+wp plugin activate biuro-contacts --network
+wp plugin activate biuro-feedbacks --network
+wp plugin activate biuro-html --network
+wp plugin activate biuro-sections --network
+wp plugin activate biuro-services --network
+wp plugin activate biuro-values --network
+
+wp plugin activate cookies-warning --network
+wp plugin activate data-controller --network
+wp plugin activate jobs-importer --network
+
+# WP themes
+wp theme update --all
+wp theme activate biuro
+
+# Update translations
+wp language core update
+wp language theme update --all
+wp language plugin update --all
+
+echo "WP CLI done. Ready to use."