events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_tokens off; charset utf-8; types { text/javascript mjs; } server { listen 80; server_name $DOMAIN www.$DOMAIN; # Allow Certbot to access the ACME challenge location /.well-known/acme-challenge/ { root /var/www/certbot; } # Redirect everything else to HTTPS location / { return 301 https://www.$DOMAIN$request_uri; } } server { listen 443 ssl; server_name $DOMAIN; ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; return 301 https://www.$DOMAIN$request_uri; } server { listen 443 ssl; http2 on; server_name www.$DOMAIN; root /etc/nginx/html; index index.html; ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; location / { try_files $uri $uri/ /index.html; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } location = /img/stamps/mine.gif { add_header Access-Control-Allow-Origin *; } location $BACKEND_ENDPOINT { return 301 $BACKEND_ENDPOINT/; } location $BACKEND_ENDPOINT/ { rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break; proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /radio { return 301 /radio/; } location /radio/ { proxy_pass http://$ICECAST_HOST:$ICECAST_PORT/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } }