Nginx ssl config

upstream advertalist_gunicorn_server {
    server unix:/run/advertalist_gunicorn/advertalist_gunicorn.socket fail_timeout=0;
}

upstream advertalist_gunicorn_asgi_server {
    server unix:ASGI_SOCKET fail_timeout=0;
}

server {
    server_name some-domain.com www.some-domain.com;
    listen 80;
    return 301 https://some-domain.com$request_uri;
}

server {
    server_name www.some-domain.com;
    listen some-domain.com:443 ssl;
    # or
    # server_name ~^www\.(?<domain>.+)$;
    # listen 443 ssl http2;

    access_log off;

    ssl_certificate /etc/letsencrypt/live/some-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/some-domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/some-domain.com/chain.pem;

    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=31536000";

    return 301 $scheme://some-domain.com$request_uri;
    # or
    #return 302 $scheme://$domain$request_uri;
}

server {
    #listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;
    #server_name _;

    server_name some-domain.com;
    listen some-domain.com:443 ssl;
    # or
    #listen 443 ssl http2 default_server;
    #listen [::]:443 ssl http2 default_server;

    ##if ($http_host ~ ~^www\.(.+)$) {
    ##    return 302 https://$1$request_uri;
    ##}

    access_log off;

    ssl_certificate /etc/letsencrypt/live/some-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/some-domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/some-domain.com/chain.pem;

    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=31536000";

    error_log /var/log/nginx/error.log crit;

    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    access_log off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    gzip on;
    gzip_comp_level    5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_types
      application/atom+xml
       application/javascript
       application/json
       application/ld+json
       application/manifest+json
       application/rss+xml
       application/vnd.geo+json
       application/vnd.ms-fontobject
       application/x-font-ttf
       application/x-web-app-manifest+json
       application/xhtml+xml
       application/xml
       font/opentype
       image/bmp
       image/svg+xml
       image/x-icon
       text/cache-manifest
       text/css
       text/plain
       text/vcard
       text/vnd.rim.location.xloc
       text/vtt
       text/x-component
       text/x-cross-domain-policy;

    gzip_disable msie6;

    keepalive_timeout 30;
    keepalive_requests 100000;
    reset_timedout_connection on;
    client_body_timeout 10;
    send_timeout 2;

    client_max_body_size 4G;

    # Your Django project's media files - amend as required
    location /uploads  {
        alias /home/advertalist/advertalist/advertalist/server/app/uploads;
        expires 30d;
    }

    # your Django project's static files - amend as required
    location /static {
        alias /home/advertalist/advertalist/advertalist/server/app/static;
        expires 30d;
    }

    location /.well-known {
        root /var/www/html;
    }

    # gunicorn
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://advertalist_gunicorn_server;
    }

    # uwsgi
    # location / {
    #     uwsgi_pass 0.0.0.0:9000;
    #     include uwsgi_params;
    # }
}