upstream unifi {
    server 172.16.60.99:8443;
    keepalive 64;
}
# bedoelt voor een unifi controller
server {
    #listen 443 ssl http2;
    # nee ik gebruik geen ipv4 meer op de internet kant
    # if you need IPv6:
     listen [::]:443 ssl http2;
    server_name unifi.blablabla;
    access_log /var/log/nginx/unifi-access.log combined;
    error_log /var/log/nginx/unifi-error.log info;
    http2_push_preload on; # Enable HTTP/2 Server Push

    ssl_certificate /etc/letsencrypt/live/uniifi.blablabla/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unifi.blablabla/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header Strict-Transport-Security max-age=15768000;
    ssl_stapling on;
    ssl_stapling_verify on;
    
     location / {

        proxy_pass https://unifi;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        include /etc/nginx/proxy_params;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
	proxy_ssl_verify off;
        proxy_http_version 1.1;
    }
}