map $ssl_preread_server_name $name { chat.signal.org signal-service; ud-chat.signal.org signal-service; storage.signal.org storage-service; cdn.signal.org signal-cdn; cdn2.signal.org signal-cdn2; cdn3.signal.org signal-cdn3; cdsi.signal.org cdsi; contentproxy.signal.org content-proxy; sfu.voip.signal.org sfu; svr2.signal.org svr2; updates.signal.org updates; updates2.signal.org updates2; kp2pml30.moe self; git.kp2pml30.moe self; default deny; } upstream signal-service { server chat.signal.org:443; } upstream storage-service { server storage.signal.org:443; } upstream signal-cdn { server cdn.signal.org:443; } upstream signal-cdn2 { server cdn2.signal.org:443; } upstream signal-cdn3 { server cdn3.signal.org:443; } upstream cdsi { server cdsi.signal.org:443; } upstream content-proxy { server contentproxy.signal.org:443; } upstream sfu { server sfu.voip.signal.org:443; } upstream svr2 { server svr2.signal.org:443; } upstream updates { server updates.signal.org:443; } upstream updates2 { server updates2.signal.org:443; } upstream deny { server 127.0.0.1:9; } upstream self { server 127.0.0.1:80; } upstream forgejo { server 127.0.0.1:3000; } server { listen 443 ssl; server_name pr.kp2pml30.moe; proxy_pass $name; ssl_preread on; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem; ssl_certificate_key /var/lib/acme/kp2pml30.moe/key.pem; ssl_trusted_certificate /var/lib/acme/kp2pml30.moe/chain.pem; } server { listen 443 ssl; server_name kp2pml30.moe git.kp2pml30.moe; proxy_pass self; ssl_certificate /var/lib/acme/kp2pml30.moe/fullchain.pem; ssl_certificate_key /var/lib/acme/kp2pml30.moe/key.pem; ssl_trusted_certificate /var/lib/acme/kp2pml30.moe/chain.pem; }