server { listen 443 ssl; server_name waste.dev.xplwd.com; # TLS managed by certbot / your cert provider ssl_certificate /etc/letsencrypt/live/waste.dev.xplwd.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/waste.dev.xplwd.com/privkey.pem; root /var/www/waste-web; index index.html; # Runtime config (host-specific; not in git) location = /config.js { try_files $uri =204; add_header Cache-Control "no-cache"; } # WebSocket signaling → waste anchor location /ws { proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_read_timeout 3600s; } # SPA — serve index.html for all non-asset paths location / { try_files $uri $uri/ /index.html; add_header Cache-Control "no-cache"; } # Immutable hashed assets location /assets/ { add_header Cache-Control "public, max-age=31536000, immutable"; } } server { listen 80; server_name waste.dev.xplwd.com; return 301 https://$host$request_uri; }