# generated 2020-12-20, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1d, modern configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=modern&openssl=1.1.1d&ocsp=false&guideline=5.6
server {
    listen 80;
    listen [::]:80;
    server_name it-schwarz.net www.it-schwarz.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name it-schwarz.net www.it-schwarz.net;
    root /home/geovis/geovis-frontend/projects/project-3/frontend/dist/frontend;


    ssl_certificate /etc/letsencrypt/live/it-schwarz.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/it-schwarz.net/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # modern configuration
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    location /api/ {
        proxy_pass "http://localhost:8080/api/";
    }

    location / {
       try_files $uri $uri/ /index.html;
    }
}