server {
        listen      80;
        server_name localhost;
        access_log  off;
        rewrite ^ https://yourdomain.com$request_uri? permanent;
}

server {
	listen   443;
	server_name  localhost;
	access_log  off;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_stapling on;

        # Use 2048 bit Diffie-Hellman RSA key parameters
        # (otherwise Nginx defaults to 1024 bit, lowering the strength of encryption # when using PFS)
        # Generated by OpenSSL with the following command:
        # openssl dhparam -outform pem -out /etc/nginx/ssl/dhparam2048.pem 2048
        
        ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/privatekey.key;

	location = /i {
		proxy_pass http://127.0.0.1:3001;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
	}
	
	location ^~ /i/ {
		proxy_pass http://127.0.0.1:3001;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
	}

	location = /o {
		proxy_pass http://127.0.0.1:3001;
	}
	
	location ^~ /o/ {
		proxy_pass http://127.0.0.1:3001;
	}

	location / {
		proxy_pass http://127.0.0.1:6001;
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;
	}
}