server {
    listen 80;
    listen [::]:80;
    listen 443;
    listen [::]:443;

    # Enable this if your want HSTS (recommended)
    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header X-Xss-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    server_name something.example.org;

# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
# Behind CloudFlare see ../conf.d/cloudflare.conf

location / {
    proxy_pass http://localhost:8080/;
    }
}