221V/gist:74cee170b0fd2e7ce176e2a3136f932a Secret

## gistfile1.txt
#chat http -> https
server{
  listen 80;
  server_name chat.4dev.win;
  return 301 https://chat.4dev.win$request_uri;
}

#chat https - main chat block
server{
  listen 443 ssl http2;

  root /var/www/4dev;
  index index.php index.html index.htm;

  server_name chat.4dev.win;

  ssl_certificate /etc/letsencrypt/live/4dev.win/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/4dev.win/privkey.pem;
  ssl_dhparam /etc/letsencrypt/live/4dev.win/dhparams.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

  ssl_session_timeout 10m;
  add_header Strict-Transport-Security "max-age=31536000;";
  #add_header Strict-Transport-Security "max-age=31536000; preload";

  #default_type  application/json;
  charset utf-8;
  underscores_in_headers on;

  access_log /var/www/access_chat.log;
  error_log /var/www/error_chat.log;

  gzip  on;
  gzip_vary on;
  gzip_comp_level 6;
  gzip_min_length 1024;
  gzip_proxied any;
  gzip_types text/plain text/css image/svg+xml image/svg application/json application/javascript application/x-javascript text/*;
  gzip_buffers 16 8k;
  add_header X-Frame-Options "DENY";
  #add_header Access-Control-Allow-Origin "*";

  error_page 403 @notphp;
  error_page 404 /404.html;
  location = /404.html {
    root /var/www/4dev/stc/html;
    internal;
  }
  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /var/www/4dev/stc/html;
    #add_header Content-Type "application/json; charset=utf-8" always;
    #add_header Pragma "no-cache" always;
    internal;
  }
  #n2o static
  location ~ /static/ {
    root /home/elixir/chatn2/n2o/samples/apps/review/priv;
    try_files $uri $uri/ =404;
    expires max;
    access_log off;
    error_log off;
  }
  #n2o demo ws
    location /ws {
      access_log off;

      proxy_pass http://127.0.0.1:4070;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_read_timeout 86400s;
      proxy_send_timeout 86400s;

      proxy_set_header HOST $host;
      proxy_set_header  X-Real-IP  $remote_addr;
      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header  Host $http_host;
    }
  location / {
    #try_files $uri $uri/ @notphp;
    try_files @notphp @notphp;
  }
  location = /index.php {
    try_files @notphp @notphp;
  }

  location @notphp {
    proxy_set_header HOST $host;
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host $http_host;
    proxy_pass http://127.0.0.1:4070;
  }
}
	#chat http -> https
	server{
	listen 80;
	server_name chat.4dev.win;
	return 301 https://chat.4dev.win$request_uri;
	}

	#chat https - main chat block
	server{
	listen 443 ssl http2;

	root /var/www/4dev;
	index index.php index.html index.htm;

	server_name chat.4dev.win;

	ssl_certificate /etc/letsencrypt/live/4dev.win/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/4dev.win/privkey.pem;
	ssl_dhparam /etc/letsencrypt/live/4dev.win/dhparams.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

	ssl_session_timeout 10m;
	add_header Strict-Transport-Security "max-age=31536000;";
	#add_header Strict-Transport-Security "max-age=31536000; preload";

	#default_type application/json;
	charset utf-8;
	underscores_in_headers on;

	access_log /var/www/access_chat.log;
	error_log /var/www/error_chat.log;

	gzip on;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_min_length 1024;
	gzip_proxied any;
	gzip_types text/plain text/css image/svg+xml image/svg application/json application/javascript application/x-javascript text/*;
	gzip_buffers 16 8k;
	add_header X-Frame-Options "DENY";
	#add_header Access-Control-Allow-Origin "*";

	error_page 403 @notphp;
	error_page 404 /404.html;
	location = /404.html {
	root /var/www/4dev/stc/html;
	internal;
	}
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /var/www/4dev/stc/html;
	#add_header Content-Type "application/json; charset=utf-8" always;
	#add_header Pragma "no-cache" always;
	internal;
	}
	#n2o static
	location ~ /static/ {
	root /home/elixir/chatn2/n2o/samples/apps/review/priv;
	try_files $uri $uri/ =404;
	expires max;
	access_log off;
	error_log off;
	}
	#n2o demo ws
	location /ws {
	access_log off;

	proxy_pass http://127.0.0.1:4070;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_read_timeout 86400s;
	proxy_send_timeout 86400s;

	proxy_set_header HOST $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	}
	location / {
	#try_files $uri $uri/ @notphp;
	try_files @notphp @notphp;
	}
	location = /index.php {
	try_files @notphp @notphp;
	}

	location @notphp {
	proxy_set_header HOST $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_pass http://127.0.0.1:4070;
	}
	}