jacksonpires · March 1, 2019 05:42
diff --git a/escamboapp-https b/escamboapp-https
 upstream escamboapp {
  server unix:/tmp/escamboapp.sock fail_timeout=0;
 }

 server {
  listen 80;
  server_name example.com;
  return 301 https://$host$request_uri;
 }

 server {
  listen 443 ssl http2;
  server_name escamboapp.com.br;
  root /var/www/escamboapp/current/public;
  index index.html index.htm;
  client_max_body_size 10M;
    
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers On;
  ssl_certificate /etc/letsencrypt/live/escamboapp.com.br/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/escamboapp.com.br/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/escamboapp.com.br/chain.pem;
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
  ssl_session_cache shared:SSL:128m;
  add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
  ssl_stapling on;
  ssl_stapling_verify on;

  location ~ /.well-known {
    allow all;
  }

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-FORWARDED_PROTO $scheme;
    proxy_redirect off;
    
    if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)\?[0-9]+$") {
      access_log off;
      add_header Cache-Control public;
      expires max;
      break;
    }
    
    if (!-f $request_filename) {
      proxy_pass http://escamboapp;
      break;
    }
  }

  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /var/www/escamboapp/current/public;
  }
  
  error_page 404 /404.html;
  location = /404.html {
    root /var/www/escamboapp/current/public;
  }
 }
	upstream escamboapp {
	server unix:/tmp/escamboapp.sock fail_timeout=0;
	}

	server {
	listen 80;
	server_name example.com;
	return 301 https://$host$request_uri;
	}

	server {
	listen 443 ssl http2;
	server_name escamboapp.com.br;
	root /var/www/escamboapp/current/public;
	index index.html index.htm;
	client_max_body_size 10M;

	ssl_protocols TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers On;
	ssl_certificate /etc/letsencrypt/live/escamboapp.com.br/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/escamboapp.com.br/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/escamboapp.com.br/chain.pem;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_session_cache shared:SSL:128m;
	add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
	ssl_stapling on;
	ssl_stapling_verify on;

	location ~ /.well-known {
	allow all;
	}

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-FORWARDED_PROTO $scheme;
	proxy_redirect off;

	if ($request_uri ~* "\.(ico\|css\|js\|gif\|jpe?g\|png)\?[0-9]+$") {
	access_log off;
	add_header Cache-Control public;
	expires max;
	break;
	}

	if (!-f $request_filename) {
	proxy_pass http://escamboapp;
	break;
	}
	}

	error_page 500 502 503 504 /500.html;
	location = /500.html {
	root /var/www/escamboapp/current/public;
	}

	error_page 404 /404.html;
	location = /404.html {
	root /var/www/escamboapp/current/public;
	}
	}