# Speech nginx configuration server { listen 80; server_name sub.domain.com; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; ssl_session_cache shared:SSL:20m; ssl_session_timeout 1440m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; # Using list of ciphers from https://github.com/cloudflare/sslconfig ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; # if letsencrypt is not working, this is probably preventing it from getting to .well-known if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } # gzip_static on; # gzip_http_version 1.0; access_log /var/log/nginx/speech_nginx_access_log; error_log /var/log/nginx/speech_nginx_error_log; location / { proxy_read_timeout 5m; proxy_pass http://127.0.0.1:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header Host $host; proxy_pass_header Server; } }