server { listen 80; listen [::]:80; server_name pad.chalec.org; root /var/www/html; return 301 https://$hostname$request_uri; } server { charset UTF-8; server_name pad.chalec.org; listen [::]:443 ssl http2 default_server; listen 443 http2 proxy_protocol ssl default_server; include snippets/letsencrypt.conf; set_real_ip_from 192.168.1.1; real_ip_header proxy_protocol; ssi on; ssi_last_modified on; #proxy_set_header X-Real-IP $proxy_protocol_addr; #proxy_set_header X-Forwarded-For $proxy_protocol_addr; root /var/www/html; add_header Strict-Transport-Security "max-age=31536000" always; add_header Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' wss://pad.chalec.org; frame-ancestors 'self'"; add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-options nosniff; access_log /var/log/nginx/pad.chalec.org/access.log; error_log /var/log/nginx/pad.chalec.org/error.log warn; error_page 404 /404.html; error_page 502 /502.html; location /502.html { root /var/www/html; internal; } location /404.html { root /var/www/html; internal; } location /.well-known/statoolinfos { alias /var/www/html/.well-known/statoolinfos/; autoindex on; } location / { #proxy_protocol on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; # proxy_http_version 1.1; proxy_pass http://127.0.0.1:9001; proxy_buffering off; # WebSocket proxying - from https://nginx.org/en/docs/http/websocket.html proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } location /about.html { alias /var/www/html/pad/about.html; } location /logo.svg { alias /var/www/html/pad/pad.chalec.org.svg; } }