server { listen 80; server_name docs.xuqinmin.com; root /var/www/docs.xuqinmin.com/site; index index.html; location ^~ /.well-known/acme-challenge/ { root /var/www/docs.xuqinmin.com/webroot; allow all; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; server_name docs.xuqinmin.com; root /var/www/docs.xuqinmin.com/site; index index.html; ssl_certificate /opt/xuqm/acme/docs.xuqinmin.com_ecc/fullchain.cer; ssl_certificate_key /opt/xuqm/acme/docs.xuqinmin.com_ecc/docs.xuqinmin.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options nosniff always; add_header X-Frame-Options DENY always; add_header Referrer-Policy strict-origin-when-cross-origin always; gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript; location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 30d; add_header Cache-Control "public, immutable"; } location / { try_files $uri $uri/ $uri.html =404; } location /health { return 200 "ok"; add_header Content-Type text/plain; } }