Security

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    
    # Domain name this server will listen on
    server_name  example.com www.example.com;

    listen 443 ssl;

	# Path to certificate pair
    ssl_certificate /etc/nginx/tls/cert.pem;
    ssl_certificate_key /etc/nginx/tls/key.pem;
    
    # Set TLS protocols and ciphers
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    
    # Redirect to floating server,
    # make sure to set port to the one floating server is listening on
    location / {
    	proxy_set_header X-Real-IP $remote_addr;
      	proxy_set_header REMOTE_ADDR $remote_addr;
      	proxy_set_header Host $host;
      	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      	proxy_set_header X-Forwarded-Proto https
        
        proxy_pass http://127.0.0.1:8080;
    }
}