server {
    # touch /etc/nginx/include/cockpit.affirm.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.affirm.duckdns.org.key -out /etc/nginx/include/cockpit.affirm.duckdns.org.crt -config /etc/nginx/include/cockpit.affirm.duckdns.org
    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    server_name cockpit.affirm.duckdns.org;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              https://127.0.0.1:9090/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        gzip off;
    }
}