# redirect http to https server { listen [::]:80 ipv6only=off; server_name {{fqdn}}; # Cross-Origin Resource Sharing add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow_Credentials' 'true' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always; location / { proxy_pass http://localhost:8080/; proxy_redirect http:// https://; proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 3600; auth_basic "Openhab"; auth_basic_user_file /etc/nginx/htpasswd; } location /logs/ { proxy_pass http://localhost:9001/; sub_filter_once off; sub_filter_types text/html; sub_filter 'href="/' 'href="/logs/'; sub_filter 'src="/' 'src="/logs/'; sub_filter "path: '/socket.io'" "path: '/logs/socket.io'"; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; auth_basic "Openhab"; auth_basic_user_file /etc/nginx/htpasswd; } }