server { server_name www.libsoc.org; root /home/server/libsoc/Server/public/; add_header alt-svc 'h3=":443"; ma=2592000, h3-23=":443"; ma=86400, h3-29=":443"; ma=2592000'; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; location ~* \.(?:ico|gif|jpe?g|png|svg|webp)$ { expires 1d; add_header Pragma public; add_header Cache-Control "public"; } location ~* \.(?:css|js|json|txt)$ { expires 1h; add_header Pragma public; add_header Cache-Control "public"; } location ~* \.(?:woff2|woff|ttf)$ { expires max; add_header Pragma public; add_header Cache-Control "public"; } location /js/ {} location /css {} location /img/ {} location /assets/ {} location /fonts/ {} location /favicon.ico {} location /robots.txt {} location /sitemap.txt {} location ~ /loaderio-58f125137ee61345d68285d88016ce2a {} map $request_uri $language_redirect { ~^/(check-login|login-post|logout|signup-post|signup-google|change-user|get-user|confirm-email) ""; # Excluded URIs, no redirection ~^/([a-zA-Z]{2})/ ""; # Matches URIs that start with a two-letter language code and sets it to an empty string default /en; # Redirects all other URIs to the /en prefix } location / { rewrite ^ $language_redirect$request_uri? permanent; proxy_pass http://127.0.0.1:8001; } rewrite /en/communities /en/communes permanent; rewrite /en/coops /en/cooperatives permanent; rewrite /en/affiliates /en/partners permanent; listen 443 http3; listen 443 ssl http2; ssl_certificate /etc/letsencrypt/live/libsoc.org-0001/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/libsoc.org-0001/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_buffer_size 4k; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/letsencrypt/live/libsoc.org/fullchain.pem; resolver 1.1.1.1 1.0.0.1 valid=300s; resolver_timeout 5s; } server { return 301 https://www.libsoc.org$request_uri; server_name libsoc.org; listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/libsoc.org-0001/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/libsoc.org-0001/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { return 301 https://www.libsoc.org$request_uri; listen 80; listen [::]:80; server_name www.libsoc.org libsoc.org; }