server { server_name readmore.theschricks.com; location / { proxy_pass http://192.168.50.2:13378; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } #client_max_body_size 50m; listen [::]:443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/readmore.theschricks.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/readmore.theschricks.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header X-Robots-Tag none; add_header X-Frame-Options "SAMEORIGIN"; add_header Referrer-Policy "strict-origin"; add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; # CSP # breaks mobile: #add_header Content-Security-Policy "default-src 'none'; font-src https://fonts.gstatic.com; img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'"; add_header Content-Security-Policy "frame-ancestors 'self'"; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; } #HTTP server { listen 80; listen [::]:80; server_name readmore.theschricks.com www.readmore.theschricks.com; return 301 https://$host$request_uri; } #Redirect www #server { # listen 443 ssl; # listen [::]:443 ssl; # server_name www.readmore.theschricks.com; # return 301 https://$host$request_uri; #}