server { listen 80; listen [::]:80; server_name ashtreetown.top; location / { return 301 https://$host$request_uri; } } server { listen 8080 ssl http2; listen [::]:8080 ssl http2; server_name ashtreetown.top; ssl_trusted_certificate /home/ashton/cert/ashtreetown.top/fullchain.crt; ssl_certificate /home/ashton/cert/ashtreetown.top/fullchain.crt; ssl_certificate_key /home/ashton/cert/ashtreetown.top/cert.key; ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES; ssl_protocols TLSv1.2 TLSv1.3; ssl_stapling on; ssl_stapling_verify on; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:1m; ssl_verify_depth 10; ssl_session_timeout 30m; add_header Strict-Transport-Security "max-age=31536000"; location / { default_type text/html; return 200 'ashtreetown.org'; } } server { listen 9090 ssl http2; listen [::]:9090 ssl http2; server_name ashtreetown.top; ssl_trusted_certificate /home/ashton/cert/ashtreetown.top/fullchain.crt; ssl_certificate /home/ashton/cert/ashtreetown.top/fullchain.crt; ssl_certificate_key /home/ashton/cert/ashtreetown.top/cert.key; ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES; ssl_protocols TLSv1.2 TLSv1.3; ssl_stapling on; ssl_stapling_verify on; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:1m; ssl_verify_depth 10; ssl_session_timeout 30m; add_header Strict-Transport-Security "max-age=31536000"; location / { proxy_pass http://localhost:50000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Accept-Encoding gzip; add_header Cache-Control no-cache; } }