server { listen 80; server_name www.shop.bcbc.bike; # $scheme will get the http protocol # and 301 is best practice for tablet, phone, desktop and seo return 301 https://shop.bcbc.bike$request_uri; } server { listen 80; server_name shop.bcbc.bike; # $scheme will get the http protocol # and 301 is best practice for tablet, phone, desktop and seo return 301 https://shop.bcbc.bike$request_uri; } server { # resolver 127.0.0.11 ipv6=off; listen 443 ssl; # listen 80; server_name shop.bcbc.bike; ssl_certificate /etc/letsencrypt/live/shop.bcbc.bike/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/shop.bcbc.bike/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; location = /favicon.ico { access_log off; log_not_found off; } keepalive_timeout 5; root /code; location / { # checks for static file, if not found proxy to app try_files $uri @proxy_to_app; } location /static { root /code; } # Let's encrypt certonly location '/.well-known/acme-challenge' { default_type "text/plain"; root /tmp/letsencrypt-auto; } location @proxy_to_app { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # enable this if and only if you use HTTPS # proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; proxy_pass http://workstand:8000; } }