upstream app_server { server 127.0.0.1:12000 fail_timeout=0; } # ----------------------------------------------------------------------------- # Redirect all sort of non-ssl (with and without www) to ssl without www # ----------------------------------------------------------------------------- server { listen 80; server_name dpaste.de www.dpaste.de dpaste.org www.dpaste.org; # Do not redirect to SSL for API calls (some clients dont support # this automatically) location /api { include /srv/dpaste.de/src/dpaste/server/nginx_server_appforward.conf; } location / { rewrite ^ https://$server_name$request_uri? permanent; } } # ----------------------------------------------------------------------------- # SSL Hosts # ----------------------------------------------------------------------------- server { listen 443; server_name dpaste.de; ssl on; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt; ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key; # Rewrite www to non-www if ($host ~ /^www\./) { rewrite ^/(.*)$ https://dpaste.de/$1 permanent; } add_header Strict-Transport-Security max-age=25200; include /srv/dpaste.de/src/dpaste/server/nginx_server.conf; } server { listen 443; server_name dpaste.org; ssl on; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt; ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key; add_header Strict-Transport-Security max-age=25200; # Rewrite www to non-www if ($host ~ /^www\./) { rewrite ^/(.*)$ https://dpaste.org/$1 permanent; } include /srv/dpaste.de/src/dpaste/server/nginx_server.conf; }