server {
        server_name     	pad.sh0uld.net;

        listen          	80;
        listen          	[::]:80;

        return          	301 https://$server_name$request_uri;
}

server {
        server_name     	pad.sh0uld.net;

        listen          	443 ssl spdy;
        listen          	[::]:443 ssl spdy;

        ssl             	on;
        ssl_certificate 	/etc/letsencrypt/live/pad.sh0uld.net/fullchain.pem;
        ssl_certificate_key 	/etc/letsencrypt/live/pad.sh0uld.net/privkey.pem;

	ssl_session_timeout 	5m;

	ssl_prefer_server_ciphers on;
	ssl_protocols 		TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
	ssl_ciphers 		'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
	add_header 		Strict-Transport-Security "max-age=15768000; includeSubDomains";

	# Logs
	access_log  		/var/log/etherpad/access.log;
	error_log   		/var/log/etherpad/error.log;
	
	location / { 
		proxy_set_header 	X-Forwarded-Host $host;
        	proxy_set_header 	X-Forwarded-Server $host;
        	proxy_set_header 	X-Forwarded-For $proxy_add_x_forwarded_for; 
        	proxy_pass 		http://localhost:9001;
	}
}