server {
	listen				202.61.255.100:443 ssl http2;
	listen				[2a03:4000:55:d1d::]:443 ssl http2;

	server_name			hugz.io up.hugz.io www.hugz.io;

	ssl_certificate			/etc/ssl/hugz/fullchain.pem;
	ssl_certificate_key 		/etc/ssl/hugz/private/privkey.pem;

	ssl_protocols			TLSv1.2 TLSv1.3;
	ssl_ciphers			ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers	off;

	add_header			Strict-Transport-Security "max-age=63072000" always;

	error_page		403 /beauties-ip.html;
	location		= /beauties-ip.html {
		root			/srv/www/error;
		allow			all;
	}

	location		/ {
		proxy_pass		http://192.168.0.120:8922;
		proxy_set_header	X-Forwarded-Proto $scheme;
		proxy_set_header	X-Forwarded-Host $host:$server_port;
		proxy_set_header	X-Forwarded-Server $host;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		client_max_body_size	200M;
		types {}		default_type "text/plain; charset=utf-8";
		deny			2a01:7e00::f03c:91ff:feae:d55;
		deny			176.58.107.169;
	}

}