server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name portal.exozy.me; ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Strict-Transport-Security "max-age=31536000" always; ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem; ssl_stapling on; ssl_stapling_verify on; location / { # Required to proxy the connection to Cockpit proxy_pass https://localhost:9090; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; # Required for web sockets to function proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Pass ETag header from Cockpit to clients. # See: https://github.com/cockpit-project/cockpit/issues/5239 gzip off; } }