nginx.conf.example

upstream app_server {
  # for TCP setups, point these to your backend servers
  server 127.0.0.1:4000 fail_timeout=0;
}

server {
  listen 80;
  server_name example.com;
  rewrite     ^   https://$host$request_uri? permanent;
}

server {
  # enable one of the following if you're on Linux or FreeBSD
  # listen 80 default deferred; # for Linux
  # listen 80 default accept_filter=httpready; # for FreeBSD
  listen 443 ssl;

  # If you have IPv6, you'll likely want to have two separate listeners.
  # One on IPv4 only (the default), and another on IPv6 only instead
  # of a single dual-stack listener.  A dual-stack listener will make
  # for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
  # instead of just "10.0.0.1") and potentially trigger bugs in
  # some software.
  # listen [::]:80 ipv6only=on; # deferred or accept_filter recommended

  client_max_body_size 4G;
  server_name example.com;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

  # ~2 seconds is often enough for most folks to parse HTML/CSS and
  # retrieve needed images/icons/frames, connections are cheap in
  # nginx so increasing this is generally safe...
  keepalive_timeout 5;


  location / {
    proxy_http_version 1.1;
    # an HTTP header important enough to have its own Wikipedia entry:
    #   http://en.wikipedia.org/wiki/X-Forwarded-For
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Host $http_host;
    proxy_set_header X-Cluster-Client-Ip $remote_addr;

    # The Important Websocket Bits!
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # we don't want nginx trying to do something clever with
    # redirects, we set the Host: header above already.
    proxy_redirect off;

    proxy_pass http://app_server;
  }
}