server {

    listen 443 ssl;
    server_name example.org;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    access_log /var/log/nginx/example.org_access.log;
    error_log /var/log/nginx/example.org_error.log;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        include uwsgi_params;

        uwsgi_pass unix:///var/run/ticketfrei/ticketfrei.sock;
    }

    location /.well-known/acme-challenge {
        root /var/www/acme;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name example.org;
    return 301 https://$server_name$request_uri;
}