tedxuwa_nginx.conf

# tedxuwa_nginx.conf
# on new deployment copy the content of this file to /etc/nginx/sites-available/default
# run sudo /etc/init.d/nginx restart to restart nginx
# from https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html

# configuration of the server
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }
    # the port your site will be served on
    # the domain name it will serve for
    server_name tedxuwa.com www.tedxuwa.com; # substitute your machine's IP address or FQDN
    charset     utf-8;

    # max upload size
    # client_max_body_size 75M;   # adjust to taste

    # Finally, send all non-media requests to the Django server.
    location / {
        include proxy_params;
        proxy_pass http://unix:/root/website/back-end/root.sock;
    }

    location /static {
        autoindex on;
        alias       /root/website/back-end/static/;
        expires 365d;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tedxuwa.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tedxuwa.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # optimise ssl options
    # https://bjornjohansen.no/optimizing-https-nginx
    ssl_session_cache shared:SSL:10m;

    # compression
    # https://www.digitalocean.com/community/tutorials/how-to-add-the-gzip-module-to-nginx-on-ubuntu-14-04
    gzip on;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    if ($host = www.tedxuwa.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = tedxuwa.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen      80;
    server_name tedxuwa.com www.tedxuwa.com;
    return 404; # managed by Certbot
}
# redirect ticket site, http and https
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    server_name ticket.tedxuwa.com;
    location / {
        return 307 https://tedxuwa.com/tickets$request_uri;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tedxuwa.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tedxuwa.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    server_name tickets.tedxuwa.com;
    location / {
        return 307 https://tedxuwa.com/tickets$request_uri;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tedxuwa.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tedxuwa.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    server_name t.tedxuwa.com;
    location / {
        return 307 https://tedxuwa.com/r$request_uri;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/tedxuwa.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tedxuwa.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    if ($host = ticket.tedxuwa.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name ticket.tedxuwa.com;
    return 404; # managed by Certbot


}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }

    if ($host = tickets.tedxuwa.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name tickets.tedxuwa.com;
    return 404; # managed by Certbot
}
server {
    # certbot webroot redirect
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/www/letsencrypt;
    }
    
    if ($host = t.tedxuwa.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name t.tedxuwa.com;
    return 404; # managed by Certbot
}