Added worker restats for uwsgi to reduce memory runaway.
server {
listen 80;
listen [::]:80;
server_name {{nginx_server_name}};
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
# listen [::]:443 ssl ipv6only=on;
server_name {{nginx_server_name}};
ssl_certificate {{nginx_ssl_cert}};
ssl_certificate_key {{nginx_ssl_privkey}};
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
location / {
include uwsgi_params;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SCRIPT_NAME /;
uwsgi_param AUTH_USER $remote_user;
uwsgi_param REMOTE_USER $remote_user;
uwsgi_pass unix:/run/uwsgi/app/hgweb/socket;
}
}