nginx.conf

# nginx.conf with https
server {
    listen 80;
    server_name www.xn--bj0b03z.site;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name www.xn--bj0b03z.site;
    server_tokens off;

    root /usr/share/nginx/html;
    index index.html;

    client_max_body_size 0;

    ssl_certificate /etc/letsencrypt/live/www.xn--bj0b03z.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.xn--bj0b03z.site/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;     

    location /api {
        proxy_pass  http://was:3000;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        
        rewrite ^/api(/.*)$ $1 break;
    }

    location /admin {
        root /usr/share/nginx/html/admin;
        index index.html;
        try_files /admin$uri /admin$uri/ /admin/index.html;
    }

    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      # access_log logs/static.log; # I don't usually include a static log
    }

    location ~* \.(?:css|js)$ {
      try_files $uri /admin$uri =404;
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }

    # Any route containing a file extension (e.g. /devicesfile.js)
    location ~ ^.+\..+$ {
      try_files $uri =404;
    } 

    # Any route that doesn't have a file extension (e.g. /devices)
    location / {
        try_files $uri $uri/ /index.html;
    }
}