emma-ai.com--vhost

##################################
#--------------------------------#
#--- --- A+ NGINX CONFIG. --- ---# 
#   Copyright (c) 2019 E.M.M.A   #
#--------------------------------#
##################################

map $sent_http_content_type $expires {
    default                off;
    text/html              epoch;
    text/css               max;
    application/javascript max;
    ~image/                max;
}

server {
    listen 80;
    listen [::]:80;

    error_log /var/www/emma-ai.com/log/error.log;

    server_name emma-ai.com www.emma-ai.com;

    return 301 https://$host$request_uri;

    location ~ /.well-known {
        allow all;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    error_log /var/www/emma-ai.com/log/error.log;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Strict-Transport-Security 'max-age=31536000; preload';

    expires $expires;

    server_name emma-ai.com www.emma-ai.com;

    root /var/www/emma-ai.com/public_html;
    index index.html;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/emma-ai.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/emma-ai.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/emma-ai.com/fullchain.pem;
    ssl_protocols TLSv1.2;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 24h;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;

    # Generated with 
    # $ mkdir /etc/nginx/ssl && cd /etc/nginx/ssl
    # $ openssl dhparam -out dhparam.pem 4096
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/vnd.ms-fontobject
        application/wasm
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/bmp
        image/svg+xml
        text/cache-manifest
        text/calendar
        text/css
        text/javascript
        text/markdown
        text/plain
        text/xml
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }        

    location /api {
        rewrite /api/(.*) /$1 break;
        rewrite ^([^.]*[^/])$ $1/ permanent;
        proxy_pass http://localhost:3000;
        proxy_redirect off;
        proxy_set_header Host $host;
    }
    
    location ~* \.(gif|jpe?g|png|css)$ {
        expires 30d;
    }
    
    location ~ /.well-known {
        allow all;
    }
    
    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /;
        location = / {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}