server { listen 443 ssl; listen [::]:443 ssl; server_name cockpit.acme.fr; location / { # Required to proxy the connection to Cockpit proxy_pass http://127.0.0.1:9090; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; # Required for web sockets to function proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Pass ETag header from Cockpit to clients. # See: https://github.com/cockpit-project/cockpit/issues/5239 gzip off; } ssl_certificate /etc/letsencrypt/live/cockpit.acme.fr/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/cockpit.acme.fr/privkey.pem; # managed by Certbot } server { if ($host = cockpit.acme.fr) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name cockpit.acme.fr; return 404; # managed by Certbot }