Added scrypted role.
server {
listen 80;
server_name {{nginx_server_name}};
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name {{nginx_server_name}};
ssl_certificate {{nginx_ssl_cert}};
ssl_certificate_key {{nginx_ssl_privkey}};
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
gzip on;
gzip_types
application/javascript
application/x-javascript
application/json
application/rss+xml
application/xml
image/svg+xml
image/x-icon
application/vnd.ms-fontobject
application/font-sfnt
text/css
text/plain;
gzip_min_length 256;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_vary on;
location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
proxy_redirect off;
}
location ~ ^/(css|img|js|fonts)/ {
root {{nginx_static_content}};
# Optionally cache these files in the browser:
# expires 12M;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:{{nginx_proxy_port}};
proxy_redirect off;
}
}