# TLS virtual host: serves the favicon and /static/ files from the project
# directory and passes every other request to the project's uWSGI socket.
# The double-brace placeholders are template variables filled in at render time.
server {
    # HTTP/2 multiplexes concurrent requests over a single connection.
    # NOTE(review): recent nginx releases deprecate the `http2` listen
    # parameter in favour of a separate `http2 on;` directive; check the
    # deployed nginx version before changing this line.
    listen 443 ssl http2;

    # NOTE(review): localhost and 127.0.0.1 are accepted as host names, but
    # the certificate file below is named after inventory_hostname only.
    # Clients connecting by those names will presumably fail certificate
    # validation unless the certificate also lists them; confirm this is intended.
    server_name {{ inventory_hostname }} localhost 127.0.0.1;

    # Certificate and private key for this host. The key file should be
    # readable only by the account that starts nginx; permissions are set
    # outside this block, so verify them in the role that installs the key.
    ssl_certificate /etc/ssl/crt/{{ inventory_hostname }}.crt;
    ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.pem;

    # Only TLS 1.2 and TLS 1.3 are offered; older protocol versions stay off.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cache and tickets improve performance by ~10% on small requests
    #
    # Security trade-off: no ssl_session_ticket_key is set in this block, so
    # nginx falls back to a randomly generated ticket key. Anyone who obtains
    # that key can decrypt TLS 1.2 sessions that were protected by it, which
    # weakens forward secrecy for as long as the key stays in use. If that
    # matters for this service, either rotate keys via ssl_session_ticket_key
    # files or turn tickets off and rely on the shared cache alone.
    # The 1m shared cache holds roughly 4000 sessions (per the nginx docs),
    # and a cached session can be resumed for up to 4 hours.
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 4h;
    ssl_session_tickets on;

    # NOTE(review): no Strict-Transport-Security or other response headers
    # are set in this block; confirm they are added elsewhere if required.

    # Exact file mapping for the favicon, served directly by nginx.
    location /favicon.ico {
        alias {{ project_dir }}/static/img/favicon.ico;
    }

    # Static assets are served directly by nginx, bypassing the application.
    # Keep the trailing slash on both the location prefix and the alias
    # target: a prefix without the slash paired with an alias that has one
    # is a known misconfiguration that lets request paths resolve outside
    # the intended directory.
    location /static/ {
        alias {{ project_dir }}/static/;
    }

    # Everything else goes to the application over a local Unix socket.
    # Access to the application is therefore governed by the socket file's
    # ownership and mode, which are configured outside this block.
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/{{ project_name }}.sock;
        # 256 buffers of 16k each for reading a uWSGI response, i.e. up to
        # 4 MB of buffer space per connection.
        uwsgi_buffers 256 16k;
    }
}