cat > /etc/nginx/sites-available/default << EOF server { listen 80; server_name ${ORIGIN_DOMAIN}; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://\$host\$request_uri; } } server { listen 443 ssl http2; server_name ${ORIGIN_DOMAIN}; ssl_certificate /etc/nginx/ssl/${ORIGIN_DOMAIN}/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/${ORIGIN_DOMAIN}/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; location /uploadfiles/ { proxy_pass http://127.0.0.1:4443; proxy_http_version 1.1; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_buffering off; proxy_request_buffering off; proxy_read_timeout 3600s; proxy_send_timeout 3600s; } location / { root /var/www/stub; index index.html; } } EOF