nginx lets encrypt

# Redirect the server's IP address to the default server's hostname.
server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name 206.189.253.183;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  return 301 https://example.com$request_uri;
}

# Redirect www to main domain.
server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name www.example.com;

  access_log syslog:server=unix:/dev/log,facility=user,tag=dtp main;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  return 301 https://example.com$request_uri;
}

# HTTP links subdomain
server {
  listen 80;
  listen [::]:80;

  server_name url660.example.com;

  root /srv/example/public;

  location ~* ^/.well-known {
    root /srv/example/public;
    allow all;
  }

  location / {

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_send_timeout 300s;

    proxy_pass http://sendgrid.net;
  }
}

# Added this to get cert for url660 working
server {
  listen       443 ssl;
  listen       [::]:443 ssl;
  server_name url660.example.com;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  location / {

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_ssl_session_reuse on;
    proxy_send_timeout 300s;

    proxy_pass https://sendgrid.net;
  }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name example.com;


    root /srv/example/public;

    location ~* ^/.well-known {
      root /srv/example/public;
      allow all;
    }

    location / {
      return 301 https://example.com$request_uri;
    }
}


# Main Server Block to Virtual Host
server {
  listen       443 ssl;
  listen       [::]:443 ssl;
  server_name  example.com;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

  root /srv/example/public;
  index index.html;
  error_page 502 /502.html;

  location / {
    #if ($remote_addr != "67.243.133.205") {
      #return 503;
    #}
    try_files $uri @proxy;
  }

  #error_page 503 @maintenance;
  #location @maintenance {
    #rewrite ^(.*)$ /maintenance.html break;
  #}

  location @proxy {
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Proxy '';
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;

    set $backend http://127.0.0.1:8000;
    proxy_pass $backend;
  }

  location ~ ^/(assets|static|css|styles|stylesheets|js|scripts|javascripts|img|images|fonts|videos|uploads|vendor)/.*\. {
    gzip_static always;

    expires 1y;

    add_header Cache-Control "public";
    add_header ETag "";
  }

  location = /favicon.ico {
    access_log off;
    try_files /favicon.ico =204;
  }

  error_page 404 /404.html;
    location = /40x.html {
  }

  error_page 500 502 503 504 /50x.html;
    location = /50x.html {
  }
}