Nginx Examples
Nextcloud
Highlighted items will need to be modified
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name cloud.bankai-tech.com;
# Redirect to https version of website
return 301 https://cloud.bankai-tech.com;
# Logging
access_log /var/log/nginx/nextcloud_access.log;
error_log /var/log/nginx/nextcloud_error.log;
}
server {
listen 443 ssl http2;
server_name cloud.bankai-tech.com;
set $upstream_nextcloud http://192.168.4.130;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
# ssl_stapling on;
# ssl_stapling_verify on;
# Logging
access_log /var/log/nginx/nextcloud_access.log;
error_log /var/log/nginx/nextcloud_error.log;
# GZIP but do not remove etag
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Security Headers
add_header Expect-CT "enforce, max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),cross-origin-isolated=(self),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(self),geolocation=(),gyroscope=(),hid=(),idle-detection=(),magnetometer=(),microphone=(),midi=(),navigation-override=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=(),web-share=(),clipboard-read=(self),clipboard-write=(self)";
# Allow upload of large files
client_max_body_size 10G;
# Cache
proxy_cache_key $scheme$proxy_host$request_uri;
add_header X-Cache-Status $upstream_cache_status;
client_header_buffer_size 50m;
client_body_buffer_size 50m;
client_body_timeout 300s;
# CALDAV CARDAV Discovery
rewrite ^/\.well-known/carddav https://cloud.bankai-tech.com/remote.php/dav/ redirect;
rewrite ^/\.well-known/caldav https://cloud.bankai-tech.com/remote.php/dav/ redirect;
# Connect to backend server
location / {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
#proxy_cookie_path / "/; SameSite=strict; HTTPOnly; Secure";
proxy_pass $upstream_nextcloud:8080;
proxy_set_header Host $host;
proxy_set_header Upgrade websocket;
proxy_set_header Connection Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
#Cache
proxy_buffering on;
proxy_cache_valid 200;
proxy_cache_background_update on;
}
# Fix webfinger and nodefinger
location ^~ /.well-known/ {
return 301 /index.php$uri;
}
location ^~ /push/ {
proxy_pass $upstream_nextcloud:7867/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /metrics/ {
proxy_pass $upstream_nextcloud:7868/metrics;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade websocket;
proxy_set_header Connection Upgrade;
proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
#Cache
proxy_buffering on;
proxy_cache_valid 200;
proxy_cache_background_update on;
}
}
Adguard Home
Highlighted items will need to be modified
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name adguard.bankai-tech.com;
set $upstream_adguard http://192.168.4.55:3001;
# Logging
access_log /var/log/nginx/AdGuardHome_access.log;
error_log /var/log/nginx/AdGuardHome_error.log;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
# Connect to backend server
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect / /;
proxy_cookie_path / /;
proxy_pass $upstream_adguard;
#websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Authelia
Highlighted items will need to be modified
#websocket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name auth.bankai-tech.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name auth.bankai-tech.com;
set $upstream_authelia http://192.168.4.202:9091;
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
# proxy_ssl_verify on;
# ssl_stapling on;
# ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
location / {
proxy_pass $upstream_authelia;
client_body_buffer_size 128k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
#websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.0.0.0/8;
set_real_ip_from 192.168.4.0/24;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
}
location /api/verify {
proxy_pass $upstream_authelia;
}
}
HomeBridge
Highlighted items will need to be modified
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name homebridge.bankai-tech.com;
set $upstream_homebridge http://192.168.4.200:8581;
# Redirect to https version of website
return 301 https://homebridge.bankai-tech.com;
# Logging
access_log /var/log/nginx/HomeBridge_access.log;
error_log /var/log/nginx/HomeBridge_error.log;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name homebridge.bankai-tech.com;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
# Logging
access_log /var/log/nginx/HomeBridge_access.log;
error_log /var/log/nginx/HomeBridge_error.log;
# Security Headers
add_header Expect-CT "enforce, max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),cross-origin-isolated=(self),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(self),geolocation=(),gyroscope=(),hid=(),idle-detection=(),magnetometer=(),microphone=(),midi=(),navigation-override=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=(),web-share=(),clipboard-read=(self),clipboard-write=(self)";
# Allow upload of large files
client_max_body_size 10G;
# Cache
proxy_cache_key $scheme$proxy_host$request_uri;
add_header X-Cache-Status $upstream_cache_status;
client_header_buffer_size 50m;
client_body_buffer_size 50m;
client_body_timeout 300s;
# Connect to backend server
location / {
proxy_set_header Host $host;
proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_cookie_path / "/; SameSite=strict; HTTPOnly; Secure";
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass $upstream_homebridge;
proxy_read_timeout 300s;
#Cache
proxy_buffering on;
proxy_cache_valid 200;
proxy_cache_background_update on;
}
}
Home Assistant
Highlighted items will need to be modified
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name home.bankai-tech.com;
# Redirect to https version of website
return 301 https://home.bankai-tech.com;
# Logging
access_log /var/log/nginx/Home_Assistant_access.log;
error_log /var/log/nginx/Home_Assistant_error.log;
}
server {
listen 443 ssl http2;
server_name home.bankai-tech.com;
set $upstream_ha http://192.168.4.202:8123;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
# Logging
access_log /var/log/nginx/Home_Assistant_access.log;
error_log /var/log/nginx/Home_Assistant_error.log;
# Security Headers
add_header Expect-CT "enforce, max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),cross-origin-isolated=(self),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(self),geolocation=(),gyroscope=(),hid=(),idle-detection=(),magnetometer=(),microphone=(),midi=(),navigation-override=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=(),web-share=(),clipboard-read=(self),clipboard-write=(self)";
# Allow upload of large files
client_max_body_size 10G;
# Cache
proxy_cache_key $scheme$proxy_host$request_uri;
add_header X-Cache-Status $upstream_cache_status;
client_header_buffer_size 50m;
client_body_buffer_size 50m;
client_body_timeout 300s;
# Connect to backend server
location / {
proxy_set_header Host $host;
proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_cookie_path / "/; SameSite=strict; HTTPOnly; Secure";
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass $upstream_ha;
proxy_read_timeout 300s;
#Cache
proxy_buffering on;
proxy_cache_valid 200;
proxy_cache_background_update on;
}
}
Jellyfin | JFA-GO
Highlighted items will need to be modified
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name jellyfin.bankai-tech.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name jellyfin.bankai-tech.com;
# The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M;
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address e.g `set $jellyfin 127.0.0.1`)
set $jellyfin http://192.168.4.31:8096;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
add_header Expect-CT "enforce, max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
# add_header X-Frame-Options "SAMEORIGIN";
# Do NOT enable. This is obsolete/dangerous
add_header X-XSS-Protection "0";
add_header X-Content-Type-Options "nosniff";
# COOP/COEP. Disable if you use external plugins/images/assets
# add_header Cross-Origin-Opener-Policy "same-origin" always;
# add_header Cross-Origin-Embedder-Policy "require-corp" always;
# add_header Cross-Origin-Resource-Policy "same-origin" always;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
# Permissions policy. May cause issues on some clients
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
# Tell browsers to use per-origin process isolation
add_header Origin-Agent-Cluster "?1" always;
# Content Security Policy
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# NOTE: The default CSP headers may cause issues with the webOS app
# add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
# location = / {
# return 302 http://$host/web/;
# return 302 https://$host/web/;
# }
location / {
# Proxy main Jellyfin traffic
proxy_pass $jellyfin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
# location block for /web - This is purely for aesthetics so /web/!/ works instead of having to go to /web/index.html/!/
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass $jellyfin/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /socket {
# Proxy Jellyfin Websockets traffic
proxy_pass $jellyfin;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
location /accounts {
set $upstream_accounts http://192.168.4.31:8056;
proxy_pass $upstream_accounts;
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
set_real_ip_from 192.168.4.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
#websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Jellyseerr
Highlighted items will need to be modified
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name requests.bankai-tech.com;
# Redirect to https version of website
return 301 https://requests.bankai-tech.com;
# Logging
access_log /var/log/nginx/Jellyseer_access.log;
error_log /var/log/nginx/Jellyseer_error.log;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name requests.bankai-tech.com;
set $upstream_jellyseerr http://192.168.4.206:5055;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
# proxy_ssl_verify on;
# ssl_stapling on;
# ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1;
# Logging
access_log /var/log/nginx/Jellyseer_access.log;
error_log /var/log/nginx/Jellyseer_error.log;
# Security Headers
add_header Expect-CT "enforce, max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),cross-origin-isolated=(self),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(self),geolocation=(),gyroscope=(),hid=(),idle-detection=(),magnetometer=(),microphone=(),midi=(),navigation-override=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=(),web-share=(),clipboard-read=(self),clipboard-write=(self)";
# Allow upload of large files
client_max_body_size 0;
# Cache
proxy_cache_key $scheme$proxy_host$request_uri;
add_header X-Cache-Status $upstream_cache_status;
client_header_buffer_size 50m;
client_body_buffer_size 50m;
client_body_timeout 300s;
# Connect to backend server
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header CF-Connecting-IP $proxy_add_x_forwarded_for;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_cookie_path / "/; SameSite=strict; HTTPOnly; Secure";
proxy_http_version 1.1;
proxy_set_header "Connection" "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass $upstream_jellyseerr;
proxy_read_timeout 300s;
}
}
Docusaurus
Highlighted items will need to be modified
server {
listen 80;
listen [::]:80;
server_name docs.bankai-tech.com;
# Redirect to https version of website
return 301 https://docs.bankai-tech.com;
# Logging
access_log /var/log/nginx/docs_access.log;
error_log /var/log/nginx/docs_error.log;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name docs.bankai-tech.com;
set $upstream_docs http://192.168.4.109:8091;
# Logging
access_log /var/log/nginx/docs_access.log;
error_log /var/log/nginx/docs_error.log;
# Load TLS Certs
ssl_certificate /etc/letsencrypt/live/bankai-tech.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bankai-tech.com/privkey.pem;
proxy_ssl_trusted_certificate /etc/letsencrypt/live/bankai-tech.com/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::]:8888 [2001:4860:4860::]:8844 valid=300s;
# Timeout for DNS resolution
resolver_timeout 5s;
# Connect to backend server
location / {
proxy_pass $upstream_docs;
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
set_real_ip_from 192.168.4.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
#websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
