server {
    listen 80;
    listen [::]:80;
    server_name nfsw.dingy.space;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name nfsw.dingy.space;

    location / {
        try_files $uri @nfsw;
    }

    location @nfsw {
        uwsgi_pass 127.0.0.1:4201;
        include uwsgi_params;
    }

    ssl_certificate /etc/ssl/nfsw.dingy.space.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/nfsw.dingy.space.key;

    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

    ssl_prefer_server_ciphers on;
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';

    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    keepalive_timeout   70;

    # nginx 1.5.9+ ONLY
    ssl_buffer_size 1400;

}