upstream rmt { server localhost:4224; } server { listen 443 ssl; server_name rmt; access_log /var/log/nginx/rmt_https_access.log; error_log /var/log/nginx/rmt_https_error.log; root /usr/share/rmt/public; ssl_certificate /usr/share/rmt/ssl/rmt-server.crt; ssl_certificate_key /usr/share/rmt/ssl/rmt-server.key; ssl_protocols TLSv1.2 TLSv1.3; location / { try_files $uri/index.html $uri.html $uri @rmt_app; autoindex off; } location /repo { autoindex on; } location @rmt_app { proxy_pass http://rmt; proxy_redirect off; proxy_read_timeout 600; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Real-IP $remote_addr; } # An alias to RMT CA certificate, so that it can be downloaded to client machines. location /rmt.crt { alias /usr/share/rmt/ssl/rmt-ca.crt; } }