mcnaveen/freshrss.conf

## freshrss.conf
upstream freshrss {
	server 127.0.0.1:3500;
	keepalive 64;
}

server {

    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name sub.domain.com;

    # Redirect HTTP to HTTPS - Remove this if you are Not Configuring SSL for your Site
    if ($scheme = http) {
       return 301 https://$server_name$request_uri;
   }

    access_log  /var/log/nginx/horoscope-access.log;
    error_log   /var/log/nginx/horoscope-error.log;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://freshrss;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
        proxy_hide_header X-powered-by;
    }

    client_max_body_size 70m;

    ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-XSS-Protection "1; mode=block";
    # add_header X-Frame-Options SAMEORIGIN;
    # add_header X-Content-Type-Options nosniff;

}
	upstream freshrss {
	server 127.0.0.1:3500;
	keepalive 64;
	}

	server {

	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name sub.domain.com;

	# Redirect HTTP to HTTPS - Remove this if you are Not Configuring SSL for your Site
	if ($scheme = http) {
	return 301 https://$server_name$request_uri;
	}

	access_log /var/log/nginx/horoscope-access.log;
	error_log /var/log/nginx/horoscope-error.log;

	location / {
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header Host $http_host;
	proxy_pass http://freshrss;
	proxy_http_version 1.1;
	proxy_set_header Connection '';
	chunked_transfer_encoding off;
	proxy_buffering off;
	proxy_cache off;
	proxy_hide_header X-powered-by;
	}

	client_max_body_size 70m;

	ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	add_header Strict-Transport-Security max-age=63072000;
	add_header X-XSS-Protection "1; mode=block";
	# add_header X-Frame-Options SAMEORIGIN;
	# add_header X-Content-Type-Options nosniff;

	}