server { root /var/www/html; server_name lists.hamburg.ccc.de; # managed by Certbot listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/lists.hamburg.ccc.de/privkey.pem; # managed by Certbot # verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/chain.pem; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=63072000" always; location /static { alias /opt/mailman/web/static; autoindex off; } location / { uwsgi_pass localhost:8080; include uwsgi_params; uwsgi_read_timeout 300; } }