2xyo/nginx.conf

## nginx.conf
server {
    listen 80;

    server_name yourwebsite.foo www.yourwebsite.foo;
    root /var/www/yoyo/yourwebsite.foo/public_html;

    location /.well-known/acme-challenge {
        default_type  "text/plain";
        root          /tmp/letsencrypt-auto;
    }

    location / {
        return 301 https://yourwebsite.foo;
    }

    access_log /var/www/yoyo/yourwebsite.foo/logs/nginx_access.log;
    error_log /var/www/yoyo/yourwebsite.foo/logs/nginx_error.log error;

}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2 ipv6only=on;

    server_name yourwebsite.foo;

    # https://bjornjohansen.no/optimizing-https-nginx
    # https://www.wjd.io/lets-encrypt-beta
    ssl_certificate     /etc/letsencrypt/live/yourwebsite.foo/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourwebsite.foo/privkey.pem;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/private/dhparams_4096.pem;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    # Content-Security-Policy #TODO

    root /var/www/yoyo/yourwebsite.foo/public_html;

    location = / {
        # Instead of handling the index, just
        # rewrite / to /index.html
        rewrite ^ /index.html;
    }

    location / {
        # Serve a .gz version if it exists
        gzip_static on;
        # Try to serve the clean url version first
        try_files $uri.htm $uri.html $uri =404;
    }

    location = /favicon.ico {
        expires max;
    }

    location ^~ /theme {
        expires max;
    }


    location /reverseproxy/ {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;

            proxy_pass http://localhost:7778/reverseproxy/;
            proxy_redirect default;

            # Websocket support (from version 1.4)
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    }

    access_log /var/www/yoyo/yourwebsite.foo/logs/nginx_access.log;
    error_log /var/www/yoyo/yourwebsite.foo/logs/nginx_error.log error;

}
	server {
	listen 80;

	server_name yourwebsite.foo www.yourwebsite.foo;
	root /var/www/yoyo/yourwebsite.foo/public_html;

	location /.well-known/acme-challenge {
	default_type "text/plain";
	root /tmp/letsencrypt-auto;
	}

	location / {
	return 301 https://yourwebsite.foo;
	}

	access_log /var/www/yoyo/yourwebsite.foo/logs/nginx_access.log;
	error_log /var/www/yoyo/yourwebsite.foo/logs/nginx_error.log error;

	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2 ipv6only=on;

	server_name yourwebsite.foo;

	# https://bjornjohansen.no/optimizing-https-nginx
	# https://www.wjd.io/lets-encrypt-beta
	ssl_certificate /etc/letsencrypt/live/yourwebsite.foo/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/yourwebsite.foo/privkey.pem;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_dhparam /etc/ssl/private/dhparams_4096.pem;

	add_header Strict-Transport-Security "max-age=31536000" always;
	add_header X-Frame-Options SAMEORIGIN;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	# Content-Security-Policy #TODO

	root /var/www/yoyo/yourwebsite.foo/public_html;

	location = / {
	# Instead of handling the index, just
	# rewrite / to /index.html
	rewrite ^ /index.html;
	}

	location / {
	# Serve a .gz version if it exists
	gzip_static on;
	# Try to serve the clean url version first
	try_files $uri.htm $uri.html $uri =404;
	}

	location = /favicon.ico {
	expires max;
	}

	location ^~ /theme {
	expires max;
	}


	location /reverseproxy/ {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;

	proxy_pass http://localhost:7778/reverseproxy/;
	proxy_redirect default;

	# Websocket support (from version 1.4)
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}

	access_log /var/www/yoyo/yourwebsite.foo/logs/nginx_access.log;
	error_log /var/www/yoyo/yourwebsite.foo/logs/nginx_error.log error;

	}