server { listen 80; server_name projetos.tic.ufrj.br; return 301 https://projetos.tic.ufrj.br$request_uri; } server { listen 443 ssl; server_name projetos.tic.ufrj.br; ## Keep alive timeout set to a greater value for SSL/TLS. keepalive_timeout 75 75; access_log /var/log/nginx/redmine.access.log; error_log /var/log/nginx/redmine.error.log; ssl_certificate /etc/ssl/certs/secure.projects.example.com-cert.pem; ssl_certificate_key /etc/ssl/private/perusio.com-key.pem; ## Strict Transport Security header for enhanced security. See ## http://www.chromium.org/sts. add_header Strict-Transport-Security "max-age=7200"; root /usr/share/redmine/public; index index.html; location / { try_files $uri @thin; } ## All static files will be served directly. location ~* ^.+\.(?:css|js|jpe?g|gif|htc|ico|png|html)$ { access_log off; expires 30d; ## No need to bleed constant updates. Send the all shebang in one ## fell swoop. tcp_nodelay off; ## Set the OS file cache. open_file_cache max=3000 inactive=120s; open_file_cache_valid 45s; open_file_cache_min_uses 2; open_file_cache_errors off; } ## Support for favicon. Return an 1x1 transparent GIF if it doesn't ## exist. location = /favicon.ico { expires 30d; try_files /favicon.ico @empty; } ## Return an in memory 1x1 transparent GIF. location @empty { expires 30d; empty_gif; } ## Location location @thin { proxy_http_version 1.1; proxy_set_header Connection ''; proxy_pass http://redmine_thin; } ## Protect .git files. location ^~ /.git { return 404; } }