worker_processes  1;

events {
    worker_connections  1024;
}

    server {
    listen 443 default_server ssl;
    server_name somehost.com;
    access_log off;
    ssl on;
    ssl_certificate /somepath/bundle.crt;
    ssl_certificate_key /somepath/private.key;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:2m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000;";
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";

     client_max_body_size 32m;

       location / {
        proxy_pass http://127.0.0.1:80/;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $remote_addr;
        }
}