1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

server {
  server_name  chat.my-domain.example;

  root /srv/gamja/;

  location /socket {
    proxy_pass http://unix:/run/soju/ws.sock:/socket;
    proxy_read_timeout 600s;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
  }

    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/chat.my-domain.example/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.my-domain.example/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
}

server {
    if ($host = chat.my-domain.example) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  server_name  chat.my-domain.example;

  listen 80;
  listen [::]:80;
    return 404; # managed by Certbot
}