nginx.conf

user  root;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
error_log   /home/maarelease/nginx/logs/nginx_error.log crit;

#pid        logs/nginx.pid;
#pid         /home/maarelease/nginx/nginx.pid;

worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  off;
    gzip_comp_level 5;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/vnd.geo+json
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/vcard
        text/vnd.rim.location.xloc
        text/vtt
        text/x-component
        text/x-cross-domain-policy;

    autoindex on;
    autoindex_exact_size off;
    autoindex_localtime on;

    server {
        listen       80;
        server_name  ota.maa.plus;

        gzip on;

        root /home/maarelease/OTA/;
        location / {
        }

        error_page  404              /404.html;
        location = /40x.html {
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        }
    }

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  ota.maa.plus;

        gzip on;

        ssl_certificate      /home/maarelease/cert/ota.maa.plus_bundle.crt;
        ssl_certificate_key  /home/maarelease/cert/ota.maa.plus.key;

        ssl_session_timeout  5m;

        ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA;
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_prefer_server_ciphers on;

        root /home/maarelease/OTA;
        add_header Access-Control-Allow-Origin *;
        location / {
        }

        error_page  404              /404.html;
        location = /40x.html {
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        }
    }

    server {
        listen       443 ssl;
        server_name  prts.maa.plus;

        ssl_certificate      /home/maarelease/cert/prts.maa.plus_bundle.crt;
        ssl_certificate_key  /home/maarelease/cert/prts.maa.plus.key;

        ssl_session_timeout  5m;

        ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA;
        ssl_protocols TLSv1.3 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location ~ {
            proxy_pass http://127.0.0.1:8848;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}