# Pastebin zajUQq68
upstream ws_bootstrap {
    server 127.0.0.1:4002;
}

  
server {
    server_name us-east-2a.ipfs.tallylab.com;
    access_log /var/log/nginx/access.log;
    listen 4003 ssl;
    listen [::]:4003 ssl;
    ssl_certificate /etc/letsencrypt/live/us-east-2a.ipfs.tallylab.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/us-east-2a.ipfs.tallylab.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/us-east-2a.ipfs.tallylab.com/fullchain.pem;
    # HSTS (ngx_http_headers_module is required)
    # 31536000 seconds = 12 months, as advised by hstspreload.org
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    location / {
        proxy_set_header Host \$host:4003;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection \$http_connection;
        proxy_set_header Sec-WebSocket-Key \$http_sec_websocket_key;
        proxy_set_header Sec-WebSocket-Extensions \$http_sec_websocket_extensions;
        proxy_set_header Sec-WebSocket-Version \$http_sec_websocket_version;
        proxy_pass http://ws_bootstrap;
        proxy_pass_header Server;
        proxy_read_timeout 60s;
    }
}