server {
        listen 443 ssl;
        server_name api-weather.argideli.com www.api-weather.argideli.com;
        ssl_certificate /etc/letsencrypt/live/argideli.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/argideli.com/privkey.pem;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 64;
        client_max_body_size 64M;

        http2_chunk_size 8k;
        #keepalive_timeout 300;
        ssl_session_tickets on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_session_timeout 24h;
        ssl_buffer_size 2400;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header X-Cache-Status $upstream_cache_status;
        add_header Alternate-Protocol 443:npn-spdy/3;


        access_log /var/log/nginx/api-weather.argideli.com_access.log;
        error_log /var/log/nginx/api-weather.argideli.com_error.log;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;

        # common gzip
        gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
        gzip on;

    location / {
       proxy_hide_header 'access-control-allow-origin';
       if ($http_origin ~* "^https?://(argideli.com|weather.argideli.com|localhost|localhost:3030|10.1.1.1|10.1.1.1:3030)$") {
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        }

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;       
            return 204;
        }

        proxy_pass http://localhost:8880;
        #proxy_http_version 1.1;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}