server {
    server_name gm.atmt.me;
    listen 80;
    return 301 https://gm.atmt.me$request_uri;
}

server {
    listen 443 ssl;
    server_name gm.atmt.me;

    ssl_certificate /etc/letsencrypt/live/gm.atmt.me/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gm.atmt.me/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;


    location ~ /.well-known {
        allow all;
        root /var/www/html/;
    }

    location / {
        proxy_pass http://127.0.0.1:8055;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
    }

    # Redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
 
    #error_page  404     /404.html;
 
    # Exclude favicon from the logs to avoid bloating when it's not available
    location /favicon.ico {
        log_not_found   on;
        access_log      off;
    }
}