include /etc/nginx/conf.d/sub/cache-uwsgi.conf; upstream flask_server { # ip_hash; server flask_website:8080; # server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s; # Or: server unix:/app/flask_server.sock; } # Redirect all http requests to the main server wordpress_server server { listen 80; listen [::]:80; server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org; location ~ /.well-known/acme-challenge { allow all; root /var/www/flask; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org; include /etc/nginx/conf.d/sub/gzip.conf; # All things related to SSL ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem; #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #add_header Strict-Transport-Security "max-age=31536000" always; include /etc/nginx/conf.d/sub/options-ssl-nginx.conf; location / { try_files $uri @flask_app; } location @flask_app { include uwsgi_params; uwsgi_pass flask_server; uwsgi_buffering on; uwsgi_buffers 8 16k; uwsgi_cache UWSGI; uwsgi_cache_valid 200 302 10m; uwsgi_cache_valid 301 1h; uwsgi_cache_valid any 1m; uwsgi_cache_lock on; #uwsgi_ignore_headers Vary; #uwsgi_hide_header Vary; uwsgi_ignore_headers Expires Cache-Control Set-Cookie Vary; uwsgi_hide_header Vary; add_header X-cache $upstream_cache_status; } # Don't write to accesslog for these files location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } }