server { listen 80; location / { proxy_pass http://localhost:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } #### When using Let's Encrypt Only #### location /.well-known/acme-challenge/ { root /var/www/montana2000.ddns.net; } location /owncloud { proxy_pass http://localhost:8088/owncloud; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 84; server_name montana2000.ddns.net; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name montana2000.ddns.net; ssl_certificate /etc/letsencrypt/live/montana2000.ddns.net/fullchain.pem; # or /etc/ssl/openhab.crt ssl_certificate_key /etc/letsencrypt/live/montana2000.ddns.net/privkey.pem; # or /etc/ssl/openhab.key #add_header Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble. location / { proxy_pass http://localhost:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; satisfy any; allow 192.168.0.0/24; allow 127.0.0.1; deny all; auth_basic "Username and Password Required"; auth_basic_user_file /etc/nginx/.htpasswd; } location /owncloud { proxy_pass http://localhost:8088/owncloud; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; satisfy any; allow 192.168.0.0/24; allow 127.0.0.1; } #### When using Let's Encrypt Only #### location /.well-known/acme-challenge/ { root /var/www/montana2000.ddns.net; } }