server {
        location / {
                proxy_pass http://127.0.0.1:80/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                #client_max_body_size 0;
        }

        server_name FQDN;
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        #include snippets/custom-error.conf;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security "max-age=63072000" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;
}

server {
        if ($host = FQDN) {
                return 301 https://$host$request_uri;
        }

        server_name FQDN;
        listen 80;
        listen [::]:80;
}