server {
    listen 443 ssl;
    server_name arpita.site;

    ssl_certificate /etc/nginx/certs/arpita_site/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/arpita_site/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP

    location ~ .(aspx|php|jsp|cgi)$ {
        deny all;
    }

    location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_pass http://arpita_site:2368;
    }

    # Block Bad Bots
    if ($bad_bot) { return 403; }

    # Block Bad Referers
    if ($bad_referer) { return 403; }
}

server {
    listen 80;
    server_name arpita.site;
    return 301 https://$host$request_uri;
}

# remove 'www'
server {
    listen 80;
    listen 443 ssl;
    server_name www.arpita.site;
    return 301 https://arpita.site$request_uri;
}