server { listen 0.0.0.0:80; listen [::]:80; server_name .teletekst.xn--jha.ga; return 301 https://teletekst.xn--jha.ga$request_uri; port_in_redirect off; server_name_in_redirect off; } server { listen 0.0.0.0:443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/letsencrypt/live/teletekst.xn--jha.ga/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/teletekst.xn--jha.ga/privkey.pem; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=604800"; index index.html; server_name .teletekst.xn--jha.ga; root /var/www/teletekst.xn--jha.ga; location / { set $cors ''; set $both_conditions ""; add_header "x-debug-location-gse" "triggered"; if ($http_origin ~ \.?xn--jha\.ga$) { set $cors 'true'; set $both_conditions "P"; add_header "x-debug-http-origin-check" "passed"; } if ($cors = 'true') { add_header "Access-Control-Allow-Origin" $http_origin always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; } if ($request_method = 'OPTIONS') { set $both_conditions "${both_conditions}D"; } if ($both_conditions = PD) { add_header "Access-Control-Allow-Origin" $http_origin always; add_header "Access-Control-Allow-Credentials" "true" always; add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; add_header 'Access-Control-Max-Age' -1; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } try_files $uri $uri/ @backend; } location @backend { proxy_pass https://localhost:27443; proxy_set_header Host teletext.rtvslo.si; proxy_set_header Referer https://teletext.rtvslo.si/; proxy_set_header X-Forwarded-For $remote_addr; } }