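# Plain-HTTP listener: its only job is to bounce every request to HTTPS.
# NOTE(review): $host echoes the client's Host header; since this is the only
# :80 server it is also the default one, so an arbitrary Host value ends up in
# the Location header of the redirect. A catch-all
# `server { listen 80 default_server; return 444; }` (or redirecting to a
# fixed hostname) closes that if it matters for this deployment.
server {
    listen 80;
    listen [::]:80;
    server_name secomn.com www.secomn.com;
    return 301 https://$host$request_uri;
}

# HTTPS site serving the static build from /var/www/www.secomn.com/htdocs.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    server_name secomn.com www.secomn.com;

    #resolver 8.8.8.8 8.8.4.4 valid=300s;
    #resolver_timeout 5s;
    # HSTS is left disabled. Presumably because the certificate included above
    # is self-signed; enable it once a trusted certificate is in place.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
    #ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Protection headers (clickjacking, MIME sniffing).
    # nginx does NOT merge add_header across configuration levels: any location
    # (or if block) that declares its own add_header silently drops this whole
    # set. The headers below are therefore repeated verbatim in every location
    # that adds headers of its own.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    # Was "1; mode=block". Current browsers no longer ship the XSS auditor and
    # the enabled modes could be abused for side-channel leaks in old ones, so
    # current guidance is to switch the filter off explicitly.
    add_header X-XSS-Protection "0";
    # Wildcard CORS on every response. Acceptable for public static assets, but
    # a '*' origin can never be paired with Access-Control-Allow-Credentials
    # (browsers reject that combination), so no credentials header is sent
    # anywhere in this server block.
    add_header 'Access-Control-Allow-Origin' '*';

    # HTTP/2 tuning
    #http2_max_field_size 16k;
    #http2_max_header_size 32k;
    large_client_header_buffers 4 8k;

    # Enable compression
    gzip on;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;

    # Remove server identifiers to help against enumeration
    server_tokens off;

    root /var/www/www.secomn.com/htdocs;
    # Unknown paths fall through to the SPA entry point.
    try_files $uri $uri/ /index.html;

    # Pre-compressed SVGs: tell the client the body is already gzip'd.
    location ~ \.svgz$ {
        add_header Content-Encoding gzip;
        # Declaring add_header here hides the server-level set; repeat it.
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "0";
        add_header 'Access-Control-Allow-Origin' '*';
    }

    error_page 404 /errors/404.html;
    location = /errors/404.html {
        #root /var/www/static/%SITE_NAME%/errors;
        root /var/www/www.secomn.com/errors;
        # Only reachable through error_page, never by direct request.
        internal;
    }

    access_log /var/log/nginx/www.secomn.com/static.access.log;
    error_log /var/log/nginx/www.secomn.com/static.error.log;

    index index.html index.htm;

    # Long-lived caching for static assets.
    #location ~* ^.+.(htm|html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        #access_log off;
        # NOTE(review): this pattern also catches /index.html, the try_files
        # fallback, so clients may cache the SPA entry point indefinitely;
        # drop html from the list if deploys must propagate promptly.
        expires max;
    }

    # CORS for API-style static resources.
    # NOTE(review): nginx uses the first regex location that matches, and the
    # caching location above already claims *.html, so in practice this block
    # only ever sees *.json. Reorder the two blocks or remove html from one of
    # them depending on which behaviour is intended.
    location ~* \.(json|html)$ {
        # Preflight: answer directly without touching the filesystem.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            # Custom headers and headers various browsers *should* be OK with but aren't
            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
            # Tell client that this pre-flight info is valid for 20 days
            add_header 'Access-Control-Max-Age' 1728000;
            # Was 'text/plain charset=UTF-8': the missing ';' made it an
            # invalid media type.
            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        # Actual requests. The former GET and POST if-branches carried
        # identical header sets, so they are declared once at location level
        # (HEAD now receives them as well, matching GET as it should).
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        # Declaring add_header here hides the server-level protection set;
        # repeat it so these responses keep the same hardening.
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "0";
    }

    # Block Apache-style .htaccess/.htpasswd files.
    # NOTE(review): this only covers names starting with ".ht"; any other
    # dotfile or dot-directory under the document root would still be served.
    # `location ~ /\.(?!well-known) { deny all; }` is the usual broader form
    # that keeps ACME challenges reachable.
    location ~ /\.ht {
        deny all;
    }
}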