server { listen 80; listen [::]:80; server_name {{ nginx_etherpad_url }}; return 301 https://$http_host$request_uri; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name {{ nginx_etherpad_url }}; ssl_certificate {{ nginx_ssl_directory }}fullchain.pem; ssl_certificate_key {{ nginx_ssl_directory }}privkey.pem; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost:9002/; proxy_set_header Host $host; proxy_pass_header Server; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used proxy_set_header Host $host; # pass the host header proxy_http_version 1.1; # recommended with keepalive connections # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }