server { listen 443 ssl default_server; listen [::]:443 ssl default_server; http2 on; ssl_certificate ${prosody_https_cert}; ssl_certificate_key ${prosody_https_key}; ssl_trusted_certificate ${prosody_https_cacert}; add_header Strict-Transport-Security "max-age=63072000" always; location / { proxy_http_version 1.1; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; proxy_pass http://127.0.0.1:${prosody_http_port}; } }