server {
    listen 80;
    server_name projetos.tic.ufrj.br;
    return 301 https://projetos.tic.ufrj.br$request_uri;
} 

server {
    listen 443 ssl; 
    server_name projetos.tic.ufrj.br;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    keepalive_timeout 75 75;

    access_log /var/log/nginx/redmine.access.log;
    error_log /var/log/nginx/redmine.error.log;

    ssl_certificate /etc/ssl/certs/secure.projects.example.com-cert.pem;
    ssl_certificate_key /etc/ssl/private/perusio.com-key.pem;

    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts.
    add_header Strict-Transport-Security "max-age=7200";

    root /usr/share/redmine/public;
    index index.html;

    location / {
        try_files $uri @thin;
    }

    ## All static files will be served directly.
    location ~* ^.+\.(?:css|js|jpe?g|gif|htc|ico|png|html)$ {
        access_log off;
        expires 30d;
        ## No need to bleed constant updates. Send the all shebang in one
        ## fell swoop.
        tcp_nodelay off;
        ## Set the OS file cache.
        open_file_cache max=3000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }

    ## Support for favicon. Return an 1x1 transparent GIF if it doesn't
    ## exist.
    location = /favicon.ico {
        expires 30d;
        try_files /favicon.ico @empty;
    }

    ## Return an in memory 1x1 transparent GIF.
    location @empty {
        expires 30d;
        empty_gif;
    }

    ## Location
    location @thin {
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        proxy_pass http://redmine_thin;
    }

    ## Protect .git files.
    location ^~ /.git {
        return 404;
    }

}