server {
  listen 443 ssl;
  server_name ###domain### www.###domain###;
  error_log /var/log/nginx/###domain###-error.log warn;
  access_log /var/log/nginx/###domain###.log;

  ssl_certificate /etc/letsencrypt/live/###domain###/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/###domain###/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  if ($host ~* ^www\.(.*)) {
    set $host_without_www $1;
    rewrite ^(.*)$ $scheme://$host_without_www$1 permanent;
  }

  real_ip_header    X-Real-IP;
  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass http://###local_ip###;
  }
}