server { listen *:80; server_name om.example.org; access_log off; autoindex off; location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /var/www; } location = /.well-known/acme-challenge/ { return 404; } location / { return 301 https://$host$request_uri; } } server { listen 127.0.0.1:4443 ssl http2; server_name om.example.org; ssl_certificate /etc/nginx/ssl/om.example.org.pem; ssl_certificate_key /etc/nginx/ssl/om.example.org.key; client_max_body_size 8m; charset utf-8; underscores_in_headers on; chunked_transfer_encoding off; access_log /var/log/nginx/om.example.org.access_log main; error_log /var/log/nginx/om.example.org.error_log warn; location ~ /\.ht { deny all; } location /public/ { root /opt/openmeetings/webapps/openmeetings; } location /css/ { root /opt/openmeetings/webapps/openmeetings; } location /docs/ { root /opt/openmeetings/webapps/openmeetings; } location /images/ { root /opt/openmeetings/webapps/openmeetings; } location /js/ { root /opt/openmeetings/webapps/openmeetings; } location / { set $referer $http_header; if ($http_referer ~ '^https://om.example.org(/.*)$') { set $referer http://om.example.org:5080$1; } if ($http_referer ~ '^http://om.example.org(/.*)$') { set $referer http://om.example.org:5080$1; } proxy_pass http://127.0.0.1:5080/openmeetings/; proxy_redirect http://127.0.0.1:5080/openmeetings/ $scheme://$host/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Host $host:5080; proxy_set_header Origin http://$host:5080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer $referer; proxy_cookie_path / "/; secure"; } location /openmeetings/wicket/websocket { proxy_pass http://127.0.0.1:5080; proxy_set_header host $host; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }