server {                            
    if ($host = mail.acme.fr) {                 
        return 301 https://$host$request_uri;              
    } # managed by Certbot                                                   
                                                         
                                                  
        listen 80;
        listen [::]:80;
        server_name mail.acme.fr;
        return 301 https://mail.acme.fr$request_uri;                     
                                                                           
        
} 

server {
        #listen 127.0.0.1:444 ssl;
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name mail.acme.fr;
        ssl_certificate /etc/letsencrypt/live/mail.acme.fr/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mail.acme.fr/privkey.pem; # managed by Certbot
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_protocols TLSv1.2;
        ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
        #ssl_dhparam /etc/ssl/private/dh2048.pem;
        ssl_dhparam /etc/nginx/ssl/dhparam4.pem;
        add_header Strict-Transport-Security max-age=2678400;

        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/wiki.htpasswd;
        client_max_body_size 20m;
        proxy_read_timeout 3600;


        location / {
                 proxy_redirect off;
                 proxy_set_header Host $http_host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_pass http://127.0.0.1:8081;
        }

}