# zet deze in je /etc/nginx/sites-enabled/

upstream ha1 {
# ipnummer van je ha
    server IP-VULHIERIN:8123;
    keepalive 64;
}

server {
    listen 443 ssl http2;
    # if you need IPv6:
     listen [::]:443 ssl http2;
    server_name ha.jehostnaaam.nl; 
    access_log /var/log/nginx/ha-access.log combined;
    error_log /var/log/nginx/ha-error.log info;
    http2_push_preload on; # Enable HTTP/2 Server Push

#aanpassen hieronder
    ssl_certificate /etc/letsencrypt/live/ha.jehostnaam.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ha.jehostnaam.nl/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    add_header Strict-Transport-Security max-age=15768000;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_pass http://ha1 ;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
    proxy_set_header        X-Real-IP           $remote_addr;
    proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header        X-Frame-Options     SAMEORIGIN;

    }
location /api/websocket {
        proxy_pass http://ha1/api/websocket;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }

}