server {
  index index.html;

  # replace with sub-domain
  server_name DOMAIN;

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_redirect off;
    proxy_buffering off;
    # replace the port that's used for the internal app
    proxy_pass http://127.0.0.1:PORT;
  }
  # temporary files required for certbot
  location /.well_known/ {
    # replace with root for temp files (usually /var/www/html/)
    root MY_ROOT;
  }

  listen 80;
  listen [::]:80;
}