plesk nginx

upstream https_backend__plesk_domain_com {
    server 10.0.1.11:8443;
}

server {
    listen *:80; allow all;

    server_name reseller.domain.com;

    location ^~ /.well-known/acme-challenge/ {
      alias /var/www/acme-challenge/;
    }

    if ($host = reseller.domain.com) {
        return 301 https://$host$request_uri;
    }
}

server {
    ssl on;
    ssl_certificate /etc/letsencrypt/live/reseller.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/reseller.domain.com/privkey.pem; # managed by Certbot

    ssl_stapling on;
    ssl_stapling_verify on;


    listen *:443 ssl http2; allow all;

    server_name reseller.domain.com;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location / {
        send_timeout 3600;
        proxy_ssl_verify              off;

        proxy_read_timeout 3600;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-LB-Server $hostname;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-SSL 1;
        proxy_set_header HTTPS ON;

        proxy_pass https://https_backend__plesk_domain_com;
    }
}