server { listen 443 ssl default_server; http2 on; server_name _; ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; ssl_reject_handshake on; } server { listen 443 ssl; http2 on; server_name __DOMAIN__; ssl_certificate /etc/letsencrypt/live/__DOMAIN__/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=15552000" always; include /etc/nginx/snippets/proxy-routes.conf; }