server { listen 80; server_name YOURDOMAIN.TLD; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name YOURDOMAIN.TLD; charset utf-8; location / { proxy_pass http://localhost:YOURCUSTOMPORT; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; #proxy_set_header X-Forwarded-Host $custom_forwarded_host; #proxy_set_header X-Forwarded-Server $host; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } access_log on; #error_log /var/www/YOURPROJECTNAME/log/error.log; sendfile off; client_max_body_size 100m; #SSL Certificates ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate "/etc/letsencrypt/live/YOURDOMAIN.LTD/fullchain.pem"; ssl_certificate_key "/etc/letsenc8ypt/live/YOURDOMAIN.LTD/privkey.pem"; ssl_dhparam /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem; # ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; #includeSubDomains" always; location ~ /\.ht { deny all; } # website should not be displayed inside a , an