Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
upstream backend {
# HTTPS Server
server {
listen external.ip.address ssl http2;
# You can increase the limit if your need to.
client_max_body_size 200M;
access_log /var/log/nginx/rocketchat.access.log;
error_log /var/log/nginx/rocketchat.error.log;
ssl on;
#ssl_certificate /etc/nginx/certificate.crt;
#ssl_certificate_key /etc/nginx/certificate.key;
ssl_certificate /etc/dehydrated/certs/;
ssl_certificate_key /etc/dehydrated/certs/;
ssl_trusted_certificate /etc/dehydrated/certs/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
location / {
proxy_pass http://backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment