server {
        listen 80;
        server_name www.shop.bcbc.bike;
        # $scheme will get the http protocol
        # and 301 is best practice for tablet, phone, desktop and seo
        return 301 https://shop.bcbc.bike$request_uri;
}
server {
        listen 80;
        server_name shop.bcbc.bike;
        # $scheme will get the http protocol
        # and 301 is best practice for tablet, phone, desktop and seo
        return 301 https://shop.bcbc.bike$request_uri;
 }
server {
#    resolver 127.0.0.11 ipv6=off;
    listen 443 ssl;
#     listen 80;
    server_name shop.bcbc.bike;

    ssl_certificate /etc/letsencrypt/live/shop.bcbc.bike/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shop.bcbc.bike/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location = /favicon.ico { access_log off; log_not_found off; }
    keepalive_timeout 5;
    root /code;

    location / {
      # checks for static file, if not found proxy to app
      try_files $uri @proxy_to_app;
    }

    location /static {
      root /code;
    }

    location @proxy_to_app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # enable this if and only if you use HTTPS
      # proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      # we don't want nginx trying to do something clever with
      # redirects, we set the Host: header above already.
      proxy_redirect off;
      proxy_pass http://workstand:8000;
    }
}