http { ssl_certificate CERT_PATH; ssl_certificate_key CERT_PATH; ssl_session_timeout 1d; ssl_session_cache shared:TWCSSL:10m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; proxy_set_header Host $host; upstream webapp { ip_hash; server 127.0.0.1:8443; } upstream authserver { ip_hash; server 127.0.0.1:8555; } upstream rest { ip_hash; server 127.0.0.1:8111; } server { listen WEBAPP_IP:443 ssl; location /webapp { proxy_pass https://webapp; } location /authentication { proxy_pass https://authserver; } location /osmc { proxy_pass https://rest; } } }