server { listen 443 ssl; server_name example.org; ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; access_log /var/log/nginx/example.org_access.log; error_log /var/log/nginx/example.org_error.log; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location / { include uwsgi_params; uwsgi_pass unix:///var/run/ticketfrei/ticketfrei.sock; } location /.well-known/acme-challenge { root /var/www/acme; } } server { listen 80; listen [::]:80; server_name example.org; return 301 https://$server_name$request_uri; }