server {
  
    server_name   www.libsoc.org;

    root          /home/server/libsoc/Server/public/;

    add_header alt-svc 'h3=":443"; ma=2592000, h3-23=":443"; ma=86400, h3-29=":443"; ma=2592000';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    gzip on;
    gunzip on;
    gzip_types      text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
    gzip_proxied    no-cache no-store private expired auth;
    gzip_min_length 1000;

    
    location ~* \.(?:ico|gif|jpe?g|png|svg|webp)$ {
        expires 1d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
    location ~* \.(?:css|js|json|txt)$ {
        expires 1h;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
    location ~* \.(?:woff2|woff|ttf)$ {
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location /js/ {}
    location /css {}
    location /img/ {}
    location /assets/ {}
    location /fonts/ {}
    location /favicon.ico {}
    location /robots.txt {}
    location /sitemap.txt {}
    location ~ /loaderio-58f125137ee61345d68285d88016ce2a {}

    map $request_uri $language_redirect {
        ~^/(check-login|login-post|logout|signup-post|signup-google|change-user|get-user|confirm-email)  "";  # Excluded URIs, no redirection
        ~^/([a-zA-Z]{2})/  "";  # Matches URIs that start with a two-letter language code and sets it to an empty string
        default            /en; # Redirects all other URIs to the /en prefix
    }

    location / {
        rewrite ^ $language_redirect$request_uri? permanent;
        proxy_pass http://127.0.0.1:8001;
    }

    rewrite /en/communities /en/communes permanent;
    rewrite /en/coops /en/cooperatives permanent;     
    rewrite /en/affiliates /en/partners permanent;  
   
   
    listen 443 http3;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/libsoc.org-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/libsoc.org-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_buffer_size 4k;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/libsoc.org/fullchain.pem;

    resolver 1.1.1.1 1.0.0.1 valid=300s;
    resolver_timeout 5s;

} 

server {
    return 301 https://www.libsoc.org$request_uri;

    server_name   libsoc.org;

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/libsoc.org-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/libsoc.org-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {

    return 301 https://www.libsoc.org$request_uri;

    listen 80;
    listen [::]:80;

    server_name   www.libsoc.org libsoc.org;

}