# Derive $connection_upgrade from the client's Upgrade request header:
# "upgrade" when the header is present, "close" when it is empty.
# This is the usual helper for proxying WebSocket upgrades.
# NOTE(review): no location visible in this listing references $connection_upgrade
# (no proxy_set_header Upgrade/Connection lines) - confirm it is still used.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
# Upstream group "django": a single backend at localhost:8080, reached by the
# proxy_pass http://django lines in the HTTPS server.
# NOTE(review): traffic to the backend is plain HTTP; this assumes port 8080 is
# bound to loopback only and not reachable from outside the host - confirm.
upstream django {
server localhost:8080;
# Plain-HTTP listener: redirect the expected hostname to HTTPS, answer 404 otherwise.
server {
# $host comes from the client's request (request line or Host header), so it is
# compared against a fixed name before being reused in the redirect target.
# NOTE(review): the hostname being compared is missing from this listing.
if ($host = {
return 301 https://$host$request_uri;
listen 80 reuseport;
charset utf-8;
# Requests whose Host did not match the check above are not redirected.
return 404;
# configuration of the server
server {
# the port your site will be served on
listen 443 ssl http2 reuseport;
# the domain name it will serve for
# NOTE(review): no server_name directive is visible in this listing. If this is the
# default server for port 443 it will answer for any Host value - confirm.
charset utf-8;
# max upload size
# Request bodies above this limit are rejected by nginx before they reach the backend.
client_max_body_size 75M; # adjust to taste
# location /static {
# alias /path/to/static; #TODO add path
# expires 30d;
# access_log off;
# add_header Pragma public;
# add_header Cache-Control "public";
# }
# Serve one synthetic page for backend failures and for 404s.
error_page 500 502 503 504 404 /error.html;
location = /error.html {
# NOTE(review): add_header appends a header rather than setting the response type, and
# without the "always" parameter nginx adds it only for a fixed set of success and
# redirect status codes. default_type text/html; is the usual way to type a body
# produced by return.
# An add_header inside this location also stops inheritance of add_header lines from
# the server level, so a server-level HSTS header would not be sent from here.
add_header Content-Type text/html;
# The refresh target after "URL=" is empty in this listing.
return 200 '<meta http-equiv="refresh" content="1; URL=" />';
# As shown, /logout/ goes straight to the backend and is not subject to the
# session-cookie test in location /.
location /logout/ {
proxy_pass http://django;
# Finally, send all non-media requests to the Django server.
location / {
# Branch taken when the request carries no sessionid cookie; the body of the
# branch is missing from this listing.
# NOTE(review): this tests only that the cookie is non-empty. A non-empty cookie is
# not proof of a valid session, so this must not be relied on as an access control;
# the backend still has to validate the session on every request.
if ($cookie_sessionid = ""){
# NOTE(review): no proxy_set_header lines (Host, X-Forwarded-For, X-Forwarded-Proto)
# are visible here - confirm what the backend trusts for client address and scheme.
proxy_pass http://django; # TODO prolly change that to uwsgi_pass
# Certificate and key paths are truncated in this listing.
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
# NOTE(review): Certbot's options file typically sets ssl_protocols, ssl_ciphers and
# session parameters at server level, where they take precedence over http-level
# settings in nginx.conf - check that file for the effective TLS policy.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# HSTS is currently disabled, so browsers are not told to stay on HTTPS.
# NOTE(review): when enabling it, add the "always" parameter so the header is also
# sent on error responses, and repeat it in any location that has its own add_header.
# add_header Strict-Transport-Security max-age=31536000;

# Main nginx.conf fragment: process, event and http-level TLS settings.
# NOTE(review): worker_processes and worker_connections each appear twice with
# different values, which looks like two versions of the file merged together.
# nginx normally refuses to load a configuration that repeats either directive,
# so keep one of each.
worker_processes 1;
# Worker processes run with the credentials of the www-data account.
user www-data;
worker_processes auto;
# PID file path is truncated in this listing.
pid /run/;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
worker_connections 768;
# multi_accept on;
http {
# Basic Settings
# SSL Settings
# Only TLS 1.2 and TLS 1.3 are offered at http level. The trailing POODLE remark is
# carried over from the older line kept below, which also allowed TLS 1.0 and 1.1;
# SSLv3 is absent from both.
# NOTE(review): a server block that sets ssl_protocols itself (directly or through an
# include) overrides this value for that server.
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;
# Logging Settings