map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; listen [::]:80; server_name unms.{{ http_domain_external }} unms.{{ http_domain_internal }}; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name unms.{{ http_domain_external }} unms.{{ http_domain_internal }}; charset utf-8; server_tokens off; proxy_ssl_verify off; ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; set $upstream 127.0.0.1:9443; # The UNMS Controller Port location / { proxy_pass https://$upstream; proxy_redirect https://$upstream https://$server_name; proxy_cache off; proxy_store off; proxy_buffering off; proxy_http_version 1.1; proxy_read_timeout 36000s; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Referer ""; client_max_body_size 0; } }