server { listen 80; server_name {{ domain }}; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; server_name {{ domain }}; ssl_certificate /certs/live/{{ domain }}/fullchain.pem; ssl_certificate_key /certs/live/{{ domain }}/privkey.pem; # TODO: add security params location / { rewrite (\/(user|u|inbox|post|community|c|login|search|sponsors|communities|modlog|home)+) /static/index.html break; proxy_pass http://0.0.0.0:8536; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }