server {
  server_name changethis;

    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header strict_sni on;
    add_header strict_sni_header on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "DENY";
    add_header Clear-Site-Data "cookies";
    add_header Referrer-Policy "no-referrer";
    add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
    resolver 1.1.1.1;

    ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

    access_log /dev/null;
    error_log  /dev/null;

   location / {
   proxy_set_header X-Forwarded-For $remote_addr;
   proxy_pass http://localhost:7100;
        }
}

server {
  listen 80;
  listen [::]:80;
  server_name changethis;
  return 301 https://changethis$request_uri;
  }