server {
    # touch /etc/nginx/include/warden.phares.duckdns.org
    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/warden.phares.duckdns.org.key -out /etc/nginx/include/warden.phares.duckdns.org.crt -config /etc/nginx/include/warden.phares.duckdns.org
    ssl_certificate /root/.acme.sh/wild-phares/fullchain.cer;
    # ssl_certificate /root/.acme.sh/wild-phares/phares.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/wild-phares/phares.duckdns.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    listen 443 ssl http2;
    # server_tokens off;
    # ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
    # ssl_prefer_server_ciphers on;
    # ssl_session_tickets off;
    # ssl_session_timeout 1d;
    # ssl_session_cache shared:SSL:10m;
    # ssl_buffer_size 8k;
    # # ssl_stapling on;
    # ssl_stapling off;
    # ssl_stapling_verify on;
    # add_header X-Content-Type-Options nosniff;
    # add_header Content-Security-Policy "object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'self';";
    # add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
    server_name warden.phares.duckdns.org;
    client_max_body_size 5000m;
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        # proxy_pass              http://10.147.229.6:8000/;
        proxy_pass              https://192.168.11.2:5008/;
        proxy_read_timeout      600s;
        proxy_send_timeout      600s;
    }
}