nginx -T nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful # configuration file /etc/nginx/nginx.conf: user nginx; worker_processes auto; error_log /var/log/nginx/debug.log debug; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; server_tokens off; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; } # configuration file /etc/nginx/conf.d/auth_misc.conf: proxy_cache_path cache/ keys_zone=auth_cache:10m; # configuration file /etc/nginx/conf.d/default-http.conf: server { listen 80; location /.well-known/acme-challenge/ { root /var/www/certbot; } } # configuration file /etc/nginx/extra/options-ssl.conf: # this is added already by backend servers # add_header Strict-Transport-Security max-age=15768000; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.3; ssl_dhparam /etc/nginx/extra/ssl-dhparams.pem; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5:!SHA1:!SHA256:!SHA384; server { listen 80; server_name view.mydomain.de; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name view.mydomain.de; ssl_certificate /etc/letsencrypt/live/star.mydomain.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/star.mydomain.de/privkey.pem; # I trust the internal network ssl_verify_client off; location / { proxy_pass https://0.0.0.30; } include /etc/nginx/extra/options-ssl.conf; }