server {

    listen 80;

    server_name {{nginx_server_name}};

    return 301 https://$host$request_uri;

}

server {

    listen 443 ssl http2;

    server_name {{nginx_server_name}};

    ssl_certificate {{nginx_ssl_cert}};

    ssl_certificate_key {{nginx_ssl_privkey}};

    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;

    gzip on;

    gzip_types

      application/javascript

      application/x-javascript

      application/json

      application/rss+xml

      application/xml

      image/svg+xml

      image/x-icon

      application/vnd.ms-fontobject

      application/font-sfnt

      text/css

      text/plain;

    gzip_min_length 256;

    gzip_comp_level 5;

    gzip_http_version 1.1;

    gzip_vary on;

    location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass http://127.0.0.1:{{nginx_proxy_port}};

        proxy_redirect off;

    }

    location ~ ^/(css|img|js|fonts)/ {

        root {{nginx_static_content}};

        # Optionally cache these files in the browser:

        # expires 12M;

    }

    location / {

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $remote_addr;

        proxy_pass http://127.0.0.1:{{nginx_proxy_port}};

        proxy_redirect off;

    }

}