server { server_name dym.sh; listen 80; listen [::]:80; location ~ /\.well-known/acme-challenge { root /var/lib/letsencrypt/; } location / { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; return 301 https://$server_name$request_uri; } } server { server_name dym.sh; listen 443 ssl http2; listen [::]:443 ssl http2; ssl_trusted_certificate /etc/letsencrypt/live/dym.sh/chain.pem; ssl_certificate /etc/letsencrypt/live/dym.sh/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dym.sh/privkey.pem; location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; return 301 https://$server_name/rss; } location ~* \/\.?rss$ { types { } default_type "application/rss+xml; charset=utf-8"; root /var/www/dym.sh/; } location / { root /var/www/dym.sh/; try_files $uri $uri/ @gts; } client_max_body_size 2000M; proxy_pass_request_headers on; location @gts { # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758 proxy_pass http://127.0.0.1:10099; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } }