server {
  listen      443;
  server_name <%= @server_name %> <%= @aliases %>;

  ssl on;
  ssl_certificate     /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;

  # enable HSTS header
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";

  location / {
    # preserve http header and set forwarded proto
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;

    # default proxy pass
    proxy_pass       http://<%= @backend %>:80;
  }
}