server { listen 80 default_server backlog=2048 reuseport fastopen=256; listen [::]:80 default_server backlog=2048 reuseport fastopen=256; # redirect all http traffic to https #return 301 https://$host$request_uri; # Reject everything on your default IP location / { return 444; } } server { listen 443 ssl reuseport fastopen=256 backlog=2048; listen [::]:443 ssl reuseport fastopen=256 backlog=2048; # Reject everything on your default IP location / { return 444; } ssl_reject_handshake on; } server { server_name gnet.myapps.id; # return 301 https://live.myapps.id; proxy_connect_timeout 6000; proxy_send_timeout 6000; proxy_read_timeout 6000; send_timeout 6000; proxy_http_version 1.1; client_max_body_size 3G; # proxy_cache_path /var/cache/nginx/ramcache keys_zone=mycache:50m inactive=60m; location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_key "$scheme$host$request_uri $cookie_mysession-cookie"; # proxy_cache mycache; proxy_cache_valid 1h; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/gnet.myapps.id/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/gnet.myapps.id/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }