shell-things/etc/nginx/sites-enabled/rproxy.nginx

server {
	listen      80;
	listen      [::]:80;
	listen      443;
	listen      [::]:443;
	# Enable this if your want HSTS (recommended)
	add_header  Strict-Transport-Security
		"max-age=15552000; includeSubdomains; preload";
	add_header  X-Frame-Options SAMEORIGIN;
	add_header  Content-Security-Policy upgrade-insecure-requests;
	add_header  X-Xss-Protection "1; mode=block" always;
	add_header  X-Content-Type-Options "nosniff" always;
	server_name something.example.org;

	# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
	# Behind CloudFlare see ../conf.d/cloudflare.conf
	location / {
		proxy_pass http://localhost:8080;
	}
}