/default-443.conf

## default-443.conf
server {
   listen 443 ssl;
   listen [::]:443 ssl ipv6only=on;
   server_name mlvin.xyz www.mlvin.xyz;

   root /var/www/html;
   index index.html index.htm;

   # add Strict-Transport-Security to prevent man in the middle attacks
   add_header Strict-Transport-Security "max-age=31536000";

   location / {
        try_files $uri $uri/ /index.html;
        }

   # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
   ssl_certificate /etc/letsencrypt/live/mlvin.xyz/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/mlvin.xyz/privkey.pem;
   ssl_session_timeout 1d;
   ssl_session_cache shared:SSL:50m;

   # intermediate configuration. tweak to your needs.
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:E\
CDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA25\
6:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-A\
ES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3\
-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SH\
A:DES-CBC3-SHA:!DSS';
   ssl_prefer_server_ciphers on;

}

## default.conf
server {
        listen   80 default_server;
        listen   [::]:80 ipv6only=on;

        server_name mlvin.xyz www.mlvin.xyz;
        return 302 https://$host$request_uri;
}
	server {
	listen 443 ssl;
	listen [::]:443 ssl ipv6only=on;
	server_name mlvin.xyz www.mlvin.xyz;

	root /var/www/html;
	index index.html index.htm;

	# add Strict-Transport-Security to prevent man in the middle attacks
	add_header Strict-Transport-Security "max-age=31536000";

	location / {
	try_files $uri $uri/ /index.html;
	}

	# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	ssl_certificate /etc/letsencrypt/live/mlvin.xyz/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mlvin.xyz/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;

	# intermediate configuration. tweak to your needs.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:E\
	CDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA25\
	6:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-A\
	ES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3\
	-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SH\
	A:DES-CBC3-SHA:!DSS';
	ssl_prefer_server_ciphers on;

	}
	server {
	listen 80 default_server;
	listen [::]:80 ipv6only=on;

	server_name mlvin.xyz www.mlvin.xyz;
	return 302 https://$host$request_uri;
	}