server {
#if ($http_user_agent ~* (AhrefsBot|SemrushBot|MJ12Bot|DotBot)) {
#     return 410;
#}

##listen 443 ssl http2;
    server_name tribu.semdestino.org;

    listen 80 default_server;
   listen 443 ssl default_server;
#   listen [::]:443 ssl http2;

    access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main;
    error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug;

    root /etc/nginx/html/;

    ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=15768000;
    ssl_stapling on;
    ssl_stapling_verify on;


#proxy_redirect off;
#proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


   location /doc {
       alias /srv/www/doc;
       index index.html;
        autoindex on;
    }

   location /mirror {
       proxy_pass http://ports.ank;
   }

   location /pub {
       proxy_pass http://wiki.server.ank:8080;
   }
   location ^~ /.well-known {
       # ACME challenge
       proxy_pass http://wiki.server.ank;
   }
   location /wiki {
        proxy_pass http://wiki.server.ank:8080;
   }

   location /git {
       proxy_pass http://git.server.ank:8080;
   }

   location /forum/ {
        proxy_pass http://forum.server.ank:8080/;
   }

   location /task {
       proxy_pass http://task.server.ank:8080;
   }

   location /shop {
        proxy_pass http://shop.server.ank:8080;
   }

   location /vexim/ {
       proxy_pass http://vexim.server.ank:8080/;
   }

   location /email {
       proxy_pass http://email.server.ank:8080;
   }

   location /awstats {
       proxy_pass http://awstats.server.ank:8080;
   }

   location /stats {
       proxy_pass http://stats.server.ank:8080;
   }

   location / {
        proxy_pass http://frontpage.server.ank:8080/;
    }
}