nginx.conf

user nobody nogroup; pid /tmp/nginx.pid; error_log /var/log/nginx/error.log;
# Best set to 1 as long as CTFd is served up from the same host
worker_processes 1; events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # set to 'on' if nginx worker_processes > 1
  use epoll; # a fast event mechanism for Linux 2.6+
}
http {
  include mime.types;
  # fallback in case we can't determine a type
  default_type application/octet-stream;
  access_log /var/log/nginx/access.log combined;
  # Set up a generous ssl session cache to reduce overhead
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  # Disable delayed sending of small packets
  tcp_nodelay on;
  upstream ctfd_app {
    #fail_timeout=0 always retry ctfd even if it failed
    server ctfd:8000 fail_timeout=0;
  }
  server {
    # if no Host match, close the connection to prevent host spoofing
    listen 8000 default_server;
    return 444;
  }
  server {
    listen 8443 ssl deferred;
    # You must either change this line or set the hostname of the server (e.g. through docker-compose.yml) for correct serving and ssl to be accepted
    server_name $hostname;
    # SSL settings: Ensure your certs have the correct host names
    ssl_certificate /etc/ssl/fullchain.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # Set connections to timout in 5 seconds
    keepalive_timeout 5;
    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      proxy_buffering off;
      proxy_pass http://ctfd_app;
    }
  }
  # Redirect clients from HTTP to HTTPS
  server {
    listen 8000;
    server_name $hostname;
    return 301 https://$server_name$request_uri;
  }
}