server { listen 80; # listen [::]:80; server_name 0x0.envs.net; access_log /var/log/nginx/0x0.envs.net-access.log; error_log /var/log/nginx/0x0.envs.net-error.log; location / { return 307 https://$host$request_uri; } location /.well-known/acme-challenge/ { alias /var/lib/letsencrypt/.well-known/acme-challenge/; } } server { listen 443 ssl http2; server_name 0x0.envs.net; ssl_certificate /etc/letsencrypt/live/0x0.envs.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/0x0.envs.net/privkey.pem; ssl_protocols TLSv1.2; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_verify_depth 3; ssl_dhparam /etc/ssl/certs/envs_dhparam.pem; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/letsencrypt/live/0x0.envs.net/chain.pem; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; # add_header X-Frame-Options "SAMEORIGIN"; access_log /var/log/nginx/0x0.envs.net-access.log; error_log /var/log/nginx/0x0.envs.net-error.log; root /srv/0x0; location / { include uwsgi_params; uwsgi_param UWSGI_SCHEME $scheme; # make sure this matches the port you're running uwsgi on uwsgi_pass 127.0.0.1:3031; } location /up { internal; } }