upstream trac_backend {
          server  127.0.0.1:8000;
          #server  127.0.0.1:8001;
          #server  127.0.0.1:8002;
}

  server {
          listen          80;
          server_name     trac.acme.fr ;

          access_log      /var/log/nginx/trac-acme.log ;
          error_log       /var/log/nginx/trac-acme-error.log info;

          location / {
                  rewrite         ^/(.*)$ https://trac.acme.fr/$1 redirect;
          }

  }
  server {
          listen          443;
          server_name     trac.acme.fr;

          access_log      /var/log/nginx/trac-acme-ssl.log ;
          error_log       /var/log/nginx/trac-acme-ssl-error.log info;

          client_max_body_size 4M;
          
          ssl                  on;
          ssl_certificate /etc/ssl/private/wiki.acme.fr.crt;
          ssl_certificate_key /etc/ssl/private/wiki.acme.fr.key;
          ssl_session_timeout 5m;
          ssl_prefer_server_ciphers on;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
          ssl_dhparam /etc/ssl/private/dh2048.pem;
          add_header Strict-Transport-Security max-age=2678400;

          add_header           Front-End-Https    on;

          location / {
                  proxy_pass      http://trac_backend;
                  include         /etc/nginx/proxy_params;
                  # my system doesn't have the proxy.conf file so I needed to add the following two lines to get redirects working:
                  # proxy_set_header Host $host;
          }

  }