server { listen 80; listen [::]:80; server_name xy.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; http2 on; server_name xy.com; ssl_certificate /etc/letsencrypt/live/xy.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xy.co,/privkey.pem; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; add_header Strict-Transport-Security "max-age=63072000; preload"; add_header X-Frame-Options DENY; client_max_body_size 250M; # use it if you would like to prohibit access to everyone running a public vm #satisfy any; #allow your ip adress /32; #allow allow 172.25.0.0/24; #deny all; # use it for having a http auth secured login #auth_basic "Please Login"; #auth_basic_user_file ssl/.htpasswd; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 80; listen [::]:80; server_name backend.xy.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; http2 on; server_name backend.xy.com; ssl_certificate /etc/letsencrypt/live/backend.xy.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/backend.xy.com/privkey.pem; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; add_header Strict-Transport-Security "max-age=63072000; preload"; add_header X-Frame-Options DENY; client_max_body_size 250M; # use it if you would like to prohibit access to everyone running a public vm #satisfy any; #allow your ip adress /32; #allow allow 172.25.0.0/24; #deny all; # use it for having a http auth secured login #auth_basic "Please Login"; #auth_basic_user_file ssl/.htpasswd; location / { proxy_pass http://localhost:8000/; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }