# Default server
server {
server_name _;
return 404;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
keepalive_timeout 60;
server_name example.com www.example.com;
charset utf-8;
access_log /dev/stdout;
error_log /dev/stdout info;
# ssl cache settings
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_stapling on;
ssl_certificate /letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
location /uploads/ {
autoindex on;
alias /uploads/;
}
location / {
# prevent access for some bots
if ($http_user_agent ~ (libwww|Wget|LWP|damnBot|BBBike|java|spider|crawl) ) {
return 403;
}
proxy_pass http://localhost:5000;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
400 Bad Request. The plain HTTP request was sent to HTTPS port