default nginx config
server { listen 80; listen [::]:80; index index.html index.htm; root /usr/share/nginx/html; server_name restuwahyu-tech.com www.restuwahyu-tech.com; return 301 https://$host$request_uri; location / { proxy_pass http://nodejs:8080; } location ~ /.well-known/acme-challenge{ allow all; root /usr/share/nginx/html; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name restuwahyu-tech.com; index index.html index.htm; root /usr/share/nginx/html; access_log /var/logs/nginx/access; error_log /var/logs/nginx/error; ssl_certificate /etc/nginx/ssl/live/restuwahyu-tech.com/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/restuwahyu-tech.com/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem; ssl_buffer_size 8k; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_stapling on; ssl_stapling_verify on; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; add_header Strict-Transport-Security "max-age=63072000" always; resolver 9.9.9.9; resolver_timeout 2s; location / { proxy_pass http://nodejs:8080; }