1 server {

     2     listen 80;

     3     listen [::]:80;

     4     server_name {{nginx_server_name}};

     5     return 301 https://$host$request_uri;

     6 }

     7 

     8 server {

     9     listen 443 ssl http2;

    10 #    listen [::]:443 ssl ipv6only=on;

    11     server_name {{nginx_server_name}};

    12 

    13     ssl_certificate {{nginx_ssl_cert}};

    14     ssl_certificate_key {{nginx_ssl_privkey}};

    15     include /etc/letsencrypt/options-ssl-nginx.conf;

    16     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    17 

    18     ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;

    19     ssl_stapling on;

    20     ssl_stapling_verify on;

    21 

    22     location / {

    23         include     uwsgi_params;

    24         uwsgi_param REMOTE_PORT     $remote_port;

    25         uwsgi_param SERVER_PORT     $server_port;

    26         uwsgi_param SERVER_PROTOCOL $server_protocol;

    27         uwsgi_param UWSGI_SCHEME    $scheme;

    28         uwsgi_param SCRIPT_NAME     /;

    29         uwsgi_param AUTH_USER       $remote_user;

    30         uwsgi_param REMOTE_USER     $remote_user;

    31         uwsgi_pass  unix:/run/uwsgi/app/hgweb/socket;

    32     }

    33 }