@SuddenGunter
Last active July 3, 2018 13:06
nginx wildcard cors + ssl. Based on https://gist.github.com/pauloricardomg/7084524
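# Plain-HTTP listener: its only job is to move clients over to HTTPS.
server {
    listen 80;
    server_name DOMAIN;

    # This server block only listens on port 80 without ssl, so $scheme is
    # always "http" here and the redirect can be unconditional (no `if`).
    # The target host is the fixed DOMAIN, not the client-supplied Host
    # header, so the redirect cannot be pointed at another site.
    return 301 https://DOMAIN$request_uri;
}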
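# HTTPS front end: terminates TLS, answers CORS pre-flight requests itself and
# proxies everything else to the local backend on 127.0.0.1:5000.
server {
    listen *:443 ssl;
    server_name DOMAIN;

    ssl_certificate     /etc/letsencrypt/live/DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

    # TLSv1 and TLSv1.1 are deprecated and no longer offered.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it from
    # this line on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Same preference order as before, minus the 3DES suites (64-bit block
    # cipher); !3DES keeps them from coming back through another alias.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES;
    ssl_session_cache shared:SSL:10m;

    # NOTE(review): OCSP stapling needs a `resolver` directive so nginx can
    # look up the responder's hostname; none is set in this file - confirm
    # one exists at http level.
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): passes header names containing underscores to the backend.
    # Backends that normalise "-" to "_" cannot tell X_Foo from X-Foo, so
    # confirm the application does not trust such headers for identity.
    underscores_in_headers on;

    # Applies only to locations that define no add_header of their own:
    # nginx drops inherited add_header lines as soon as a lower level adds
    # one. It is therefore repeated inside `location /` below.
    add_header Strict-Transport-Security "max-age=31536000;" always;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # OPTIONS indicates a CORS pre-flight request: answer it directly
        # without contacting the backend.
        if ($request_method = 'OPTIONS') {
            add_header Strict-Transport-Security "max-age=31536000;" always;
            add_header 'Access-Control-Allow-Origin' '*' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
            # '*' is honoured by browsers only for requests without
            # credentials, and never covers the Authorization header.
            add_header 'Access-Control-Allow-Headers' '*' always;
            # A 204 response carries no body, so no Content-Length or
            # Content-Type header is added.
            return 204;
        }

        # Every other method: wildcard CORS header on the proxied response.
        # Access-Control-Allow-Credentials is deliberately not sent: browsers
        # reject a credentialed response whose Allow-Origin is '*'. If cookies
        # or HTTP auth must cross origins, replace '*' with an explicit
        # allow-list of origins and add `Vary: Origin`.
        add_header Strict-Transport-Security "max-age=31536000;" always;
        add_header 'Access-Control-Allow-Origin' '*' always;
        proxy_pass http://127.0.0.1:5000;
    }
}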