diff --git a/core/etc/systemd/system/point.service b/core/etc/systemd/system/point.service
index bed5f28..7406c7b 100644
--- a/core/etc/systemd/system/point.service
+++ b/core/etc/systemd/system/point.service
@@ -3,8 +3,8 @@ Description=Point.im
 After=network.target
 RequiresMountsFor=/home
-[Install]
-WantedBy=multi-user.target
+#[Install]
+#WantedBy=multi-user.target
 [Service]
 Type=simple
@@ -13,5 +13,5 @@ Group=docker
 WorkingDirectory=/home/point/point
 ExecStart=/usr/local/bin/docker-compose -f /home/point/point/docker-compose.yml -f /home/point/point/docker-compose-production.yml up www bot imgproc nginx
 ExecStop=/usr/local/bin/docker-compose -f /home/point/point/docker-compose.yml -f /home/point/point/docker-compose-production.yml stop www bot imgproc nginx
-Restart=always
+#Restart=always
 OOMScoreAdjust=-100
diff --git a/docker-entrypoint-initdb.d/dump.sql.gz b/docker-entrypoint-initdb.d/dump.sql.gz
deleted file mode 100644
index 6e6be66..0000000
Binary files a/docker-entrypoint-initdb.d/dump.sql.gz and /dev/null differ
diff --git a/www/etc/nginx/10-point.im.conf b/www/etc/nginx/10-point.im.conf
index 7c670a6..83c63b1 100644
--- a/www/etc/nginx/10-point.im.conf
+++ b/www/etc/nginx/10-point.im.conf
@@ -1,6 +1,10 @@
 server {
 listen [::]:80 ipv6only=on;
 listen *:80;
+ server_name point.im *.point.im;
+ rewrite ^/(.*)$ https://$host/$1 permanent;
+}
+server {
 listen [::]:443 ipv6only=on ssl;
 listen *:443 ssl;
 #listen [2a01:4f8:161:9402::2]:443;
@@ -14,6 +18,9 @@ server { ssl_prefer_server_ciphers on; ssl_session_tickets on; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + #add_header X-Frame-Options DENY; #real_ip_header X-Forwarded-For;
diff --git a/www/etc/nginx/www.conf b/www/etc/nginx/www.conf
index 20752c5..d528c39 100644
--- a/www/etc/nginx/www.conf
+++ b/www/etc/nginx/www.conf
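Review bot: In point.service, commenting out `[Install]`/`WantedBy=multi-user.target` (first hunk) and `Restart=always` (second hunk) leaves a unit that cannot be enabled for boot and is not restarted when the `docker-compose ... up` process exits, and nothing in the file says why. If this is deliberate, record it above the disabled lines, for example `# disabled on purpose: <reason>; re-enable together with Restart=always`. If it is only meant for one host, `systemctl disable` plus a drop-in override for `Restart=` would keep the shipped unit intact. Both hunks show only part of the unit file.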
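Review bot: In the first hunk of 10-point.im.conf the redirect target is built from `$host`, which nginx fills from the request line or the client's Host header, so whenever this block ends up as the default server for port 80 the `Location` it returns echoes a name the client chose. With `server_name` already set here, the redirect can be written as `return 301 https://$host$request_uri;`, which drops the regex and passes the original URI through unchanged, or can use the canonical name instead of `$host`. The same `rewrite` line is added in the first hunk of www.conf, where no `server_name` is visible in the new block (it may come from `conf.d/www.vars`), so the point applies there as well. A separate catch-all default server on port 80 that rejects unknown hosts would keep unmatched names out of the redirect.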
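Review bot: The `Strict-Transport-Security` header added in the second hunk of 10-point.im.conf carries `includeSubDomains` with a one-year `max-age`, so a browser that sees it once will refuse plain HTTP and certificate errors on every `*.point.im` name for a year; each subdomain needs to serve valid TLS before this ships, and a short `max-age` for the first rollout is the usual precaution. `add_header` at server level is also not inherited by a `location` that declares its own `add_header`, so the header can silently drop from some responses; the rest of the server block is outside the hunk, so this could not be checked here. The same header is added in the second hunk of www.conf. A comment above the line, such as `# HSTS covers all subdomains; locations with their own add_header must repeat it`, would record both constraints.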
@@ -1,10 +1,17 @@
+server {
+ include conf.d/www.vars;
+ listen 80;
+ rewrite ^/(.*)$ https://$host/$1 permanent;
+}
 server {
 include conf.d/www.vars;
 #listen [::]:80 ipv6only=on;
- listen 80;
+# listen 80;
 #listen [::]:443 ipv6only=on ssl;
 listen 443 ssl;
+# http2;
+# ^ ломает тишкоклиент! Не включать пока тишка не починит. А то юзеры ноют.
 #server_name *;
 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
@@ -15,12 +22,17 @@ server { ssl_prefer_server_ciphers on; ssl_session_tickets on; + charset utf-8; + source_charset utf-8; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location / { proxy_pass http://www:8088; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 10m; + client_max_body_size 25m; if ($http_user_agent ~* "Dalvik(.*?)" ) { access_log off; return 403;
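Review bot: The first hunk of www.conf makes 443 the only content listener, yet the context line `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` is left as it is, so the now HTTPS-only site still negotiates SSLv3 (POODLE) and the deprecated TLS 1.0/1.1. Restricting the list, e.g. `ssl_protocols TLSv1.2;` (plus `TLSv1.3` if the installed nginx and OpenSSL support it), belongs with this change. The comment added under `# http2;` is in Russian; an English version such as `# http2 breaks tishka's client; do not enable until it is fixed` would serve other maintainers. The server block continues past the hunk.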
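Review bot: In the second hunk of www.conf, `client_max_body_size` goes from `10m` to `25m` with no comment, which raises the request body size nginx will accept from any client before `proxy_pass` hands it to `www:8088`. It is worth confirming that the upstream enforces a matching limit of its own, and recording the reason next to the directive, e.g. `# 25m: must match the upload limit enforced by the www service`. The `location /` block continues past the hunk.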