server {
    listen       portnumber;
    server_name  domain www.domain;

    if ($bad_bot) {
        return 403;
    }

    access_log /log/nginx/filename.com.gunicorn_access.log main;
    error_log  /log/nginx/filename.com.gunicorn_error.log warn;

    # if ($host !~* ^(domain\.com|www\.domain\.com)$) {
    #     return 444;
    # }

    # Django media
    location /media  {
        autoindex off;
        gzip_static on;
        expires max;
        #alias /www/django_sample/media;
        alias /www/webroot/media;  # your Django project's media files - amend as required
        #include /etc/nginx/mime.types;
    }

    location /static {
        autoindex off;
        gzip_static on;
        expires max;
        #alias /www/django_sample/static;
        # normally static folder is named as /static
        alias /www/webroot/static;  # your Django project's static files - amend as required
        #include /etc/nginx/mime.types;
    }

    location / {
        autoindex off;
        proxy_pass http://appname:serviceport;
        # proxy_redirect http:// https://;

    }

    # Allow Lets Encrypt Domain Validation Program
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /www/webroot;
    }

    # Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
    location ~ /\. {
        deny all;
    }

    # Block (log file, binary, certificate, shell script, sql dump file) access.
    location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key|yml|lock)$ {
        deny all;
    }

    # Block access
    location ~* (composer\.json|composer\.lock|composer\.phar|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml|access_log|error_log|gruntfile\.js)$ {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }
}