server {
    listen 443 ssl http2;
    server_name maidstone-hackspace.org.uk live.maidstone-hackspace.org.uk www.maidstone-hackspace.org.uk;
    root /var/www/live-maidstone-hackspace.org.uk/site/html;

    ssl_certificate /etc/letsencrypt/live/live.maidstone-hackspace.org.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/live.maidstone-hackspace.org.uk/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    resolver 8.8.8.8;

    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security max-age=15768000;

    error_page 404 = /404.htm;

    location = / {
        # match uri equalling / only for index, if anything is after / go to next location
        try_files $uri $uri/index.htm;
    }


    location / {
        try_files $uri $uri.htm $uri/ @uwsgi_fallback;
        #error_page 404 = @fallback;
    }

    location /static {
        alias /var/www/live-maidstone-hackspace.org.uk/site/static;
        #expires 1d;
    	#add_header Pragma public;
    	#add_header Cache-Control "public";
    }

    location @uwsgi_fallback {
        include         uwsgi_params;
        uwsgi_pass      unix:///data/sockets/live-maidstone_hackspace.sock;
    }
}

server {
    listen 443 ssl http2;
    server_name test.maidstone-hackspace.org.uk;
    root /var/www/test-maidstone-hackspace.org.uk/site/html;


    ssl_certificate /etc/letsencrypt/live/test.maidstone-hackspace.org.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.maidstone-hackspace.org.uk/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    resolver 8.8.8.8;

    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security max-age=15768000;

    error_page 404 = /404.htm;

    location = / {
        # match uri equalling / only for index, if anything is after / go to next location
        try_files $uri $uri/index.htm;
    }

    location / {
        try_files $uri $uri.htm $uri/ @uwsgi_fallback;
	#error_page 404 = @fallback;
    }

    location /static {
        alias /var/www/test-maidstone-hackspace.org.uk/site/static;
	expires 1d;
	add_header Pragma public;
    	add_header Cache-Control "public";
    }


    location @uwsgi_fallback {
        include         uwsgi_params;
        uwsgi_pass      unix:///data/sockets/test-maidstone_hackspace.sock;
    }

}