upstream web { server web:8000; } server { listen [::]:80; listen 80; server_name your-domain.com www.your-domain.com; location ~ /.well-known/acme-challenge { allow all; root /var/www/certbot; } # redirect http to https return 301 https://your-domain.com$request_uri; } server { listen [::]:443 ssl http2; listen 443 ssl http2; server_name your-domain.com; # SSL code ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; location ~ /.well-known/acme-challenge { allow all; root /var/www/certbot; } location / { proxy_pass http://web; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; } location /images/ { alias /app/images/; } location /static/ { alias /app/static/; } }