# haeusle site configuration
# ! Do not remove this header !
server {
        listen 80;
        listen [::]:80;
        server_tokens off;
        root /var/www/haeusle;
        #server_name haeusle.svhub.de;
        #return 301 https://haeusle.svhub.de/$request_uri;
        server_name haeusle.hinz.casa;
        return 301 https://haeusle.hinz.casa/$request_uri;
}

server {
        listen 443;
        listen [::]:443;
        #server_name haeusle.svhub.de;
        server_name haeusle.hinz.casa;
        server_tokens off;
        ssl on;
        #ssl_certificate /etc/letsencrypt/live/haeusle.svhub.de/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/haeusle.svhub.de/privkey.pem;
        ssl_certificate /etc/letsencrypt/live/haeusle.hinz.casa/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/haeusle.hinz.casa/privkey.pem;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
        #ssl_dhparam /etc/ssl/mail/dhparams.pem;
        add_header Strict-Transport-Security max-age=15768000;
        ssl_session_timeout 30m;
        client_max_body_size 25m;

        location / {
            include uwsgi_params;
            uwsgi_pass unix:/home/sven/haeusle/app.sock;
        }
}