cryptocode/gist:c7d63216902615a06fea6e5c948960d2

## gistfile1.txt
Below is a sample /etc/nginx/sites-available/default configuration for using nginx as a reverse proxy for the Nano Pow Server

When doing this on a VPS, it's almost always necessary to increase the maximum open file limit.

Replace port numbers, backend host/ip and domain names as necessary.

======================= /etc/nginx/sites-available/default =======================

server {

    server_name mydomain.org; # managed by Certbot

    # For wss:// requests to /websocket, set upgrade header and pass to backend
    location /websocket {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;

        proxy_pass http://ws-backend;

        proxy_ssl_certificate /etc/letsencrypt/live/mydomain.org/fullchain.pem; # managed by Certbot
        proxy_ssl_certificate_key /etc/letsencrypt/live/mydomain.org/privkey.pem; # managed by Certbot

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Pass HTTPS requests to backend
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the “It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://localhost:8076;
        proxy_read_timeout  90;

        proxy_redirect      http://localhost:8076 https://mydomain.org;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# WebSocket backends. If you add load balancing, look into the ip_hash flag (sticky sessions)
upstream ws-backend {
    server localhost:8076;
}
	Below is a sample /etc/nginx/sites-available/default configuration for using nginx as a reverse proxy for the Nano Pow Server

	When doing this on a VPS, it's almost always necessary to increase the maximum open file limit.

	Replace port numbers, backend host/ip and domain names as necessary.

	======================= /etc/nginx/sites-available/default =======================

	server {

	server_name mydomain.org; # managed by Certbot

	# For wss:// requests to /websocket, set upgrade header and pass to backend
	location /websocket {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $host;

	proxy_pass http://ws-backend;

	proxy_ssl_certificate /etc/letsencrypt/live/mydomain.org/fullchain.pem; # managed by Certbot
	proxy_ssl_certificate_key /etc/letsencrypt/live/mydomain.org/privkey.pem; # managed by Certbot

	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}

	# Pass HTTPS requests to backend
	location / {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;

	# Fix the “It appears that your reverse proxy set up is broken" error.
	proxy_pass http://localhost:8076;
	proxy_read_timeout 90;

	proxy_redirect http://localhost:8076 https://mydomain.org;
	}

	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/mydomain.org/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/mydomain.org/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	# WebSocket backends. If you add load balancing, look into the ip_hash flag (sticky sessions)
	upstream ws-backend {
	server localhost:8076;
	}