server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name ejabberd.example.com
	            conference.example.com
	            guest.example.com
	            proxy.example.com
	            pubsub.example.com
	            turn.example.com
	            upload.example.com;

	access_log /var/log/nginx/ejabberd.example.com.access_log main;
	error_log /var/log/nginx/ejabberd.example.com.error_log info;

	root /var/www/ejabberd.example.com/htdocs;
}

server {
	listen 127.0.0.1:8443 ssl http2 default_server;
	listen [::1]:8443 ssl http2 default_server;
	server_name ejabberd.example.com
	            conference.example.com
	            guest.example.com
	            proxy.example.com
	            pubsub.example.com
	            turn.example.com
	            upload.example.com;

	ssl_certificate /etc/ssl/nginx/nginx.pem;
	ssl_certificate_key /etc/ssl/nginx/nginx.key;

	access_log /var/log/nginx/ejabberd.example.com.ssl_access_log main;
	error_log /var/log/nginx/ejabberd.example.com.ssl_error_log info;

	root /var/www/ejabberd.example.com/htdocs;

	index index.html index.php;

	location ~* ^/admin/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_set_header Host example.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
	}

	location ~* ^/bosh/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_set_header Host example.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
	}

	location ~* ^/captcha/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_set_header Host example.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
	}

	location ~* ^/register/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_set_header Host example.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
	}

	location ~* ^/upload/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_set_header Host upload.example.com;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
		client_max_body_size 200M;
	}

	location ~* ^/ws/ {
		proxy_pass http://127.0.0.1:5280;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "Upgrade";
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_redirect off;
		proxy_buffering off;
		proxy_read_timeout 86400;
	}
	# CORS
	location ~ .(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
		add_header Access-Control-Allow-Origin "*"; # Decide here whether you want to allow all or only a particular domain
	}
}