example_nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	server_names_hash_bucket_size 128;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
	server {
		listen 80;
		listen [::]:80;
		server_name console.minio.flaschenpost.deutsches-meeresmuseum.de; # TODO : Change me!
		location ^~ /.well-known/acme-challenge {
			root /var/www/letsencrypt;
		}
		location / {
			return 301 https://$server_name$request_uri;
		}
	}
	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name console.minio.flaschenpost.deutsches-meeresmuseum.de; # TODO: Change me!
		ssl_certificate /etc/letsencrypt/live/console.minio.flaschenpost.deutsches-meeresmuseum.de/fullchain.pem; # TODO: Make sure you add your own cert file here!
		ssl_certificate_key /etc/letsencrypt/live/console.minio.flaschenpost.deutsches-meeresmuseum.de/privkey.pem; # TODO: Make sure you add your own key file here!
		ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers         HIGH:!aNULL:!MD5;
		location / {
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header Host $http_host;

			proxy_connect_timeout 300;
			# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
			proxy_http_version 1.1;
			proxy_set_header Connection "";
			chunked_transfer_encoding off;
			proxy_pass https://127.0.0.1:35187;
		}
	}
	server {
		listen 80;
		listen [::]:80;
		server_name minio.flaschenpost.deutsches-meeresmuseum.de; # TODO : Change me!
		location ^~ /.well-known/acme-challenge/ {
			root /var/www/letsencrypt;
		}
		location / {
                        return 301 https://$server_name$request_uri;
                }
	}
	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name minio.flaschenpost.deutsches-meeresmuseum.de; # TODO: Change me!
		ssl_certificate /etc/letsencrypt/live/console.minio.flaschenpost.deutsches-meeresmuseum.de/fullchain.pem; # TODO: Make sure you add your own cert file here!
		ssl_certificate_key /etc/letsencrypt/live/console.minio.flaschenpost.deutsches-meeresmuseum.de/privkey.pem; # TODO: Make sure you add your own key file here!
		ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers         HIGH:!aNULL:!MD5;
		location / {
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header Host $http_host;

			proxy_connect_timeout 300;
			# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
			proxy_http_version 1.1;
			proxy_set_header Connection "";
			chunked_transfer_encoding off;
			proxy_pass https://127.0.0.1:9000;
		}
	}
	server {
		listen 80;
		listen [::]:80;
		server_name flaschenpost.deutsches-meeresmuseum.de; # TODO : Change me!
		client_max_body_size 200M;
		location ^~ /.well-known/acme-challenge/ {
			root /var/www/letsencrypt;
		}
		location / {
                        return 301 https://$server_name$request_uri;
                }
	}
	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name flaschenpost.deutsches-meeresmuseum.de; # TODO: Change me!
		ssl_certificate /etc/letsencrypt/live/flaschenpost.deutsches-meeresmuseum.de/fullchain.pem; # TODO: Make sure you add your own cert file here!
		ssl_certificate_key /etc/letsencrypt/live/flaschenpost.deutsches-meeresmuseum.de/privkey.pem; # TODO: Make sure you add your own key file here!
		ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers         HIGH:!aNULL:!MD5;
		client_max_body_size 200M;
		location / {
			proxy_pass http://127.0.0.1:3000;
			proxy_http_version 1.1;
    			proxy_set_header Upgrade $http_upgrade;
    			proxy_set_header Connection "upgrade";
    			proxy_set_header Host $host;
    			proxy_set_header X-Real-IP $remote_addr;
    			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    			proxy_set_header X-Forwarded-Proto $scheme;
    			proxy_set_header X-Forwarded-Host $host;
    			proxy_set_header X-Forwarded-Port $server_port;
		}
		location /api {
			proxy_pass http://127.0.0.1:5000;
		}
		location = /cms {
			return 302 /cms/;
		}
		location /cms/ {
			proxy_pass http://127.0.0.1:1337/;
		}
		location /minio {
 			proxy_set_header X-Real-IP $remote_addr;
   			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   			proxy_set_header X-Forwarded-Proto $scheme;
   			proxy_set_header Host $http_host;

   			proxy_connect_timeout 300;
   			# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
   			proxy_http_version 1.1;
   			proxy_set_header Connection "";
   			chunked_transfer_encoding off;
			proxy_pass http://127.0.0.1:9000;
		}
	}
}