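# HTTPS front end for ejabberd's HTTP upload service. GET/HEAD requests are
# answered by nginx from the upload directory below; every other method is
# proxied to ejabberd on the loopback interface.
server {
    listen *:443 ssl;
    server_name upload.example.com;

    ssl_certificate /path/to/upload.example.com.crt;
    ssl_certificate_key /path/to/upload.example.com.key;

    # The `docroot' as specified in your ejabberd.yml file.
    root /home/xmpp/upload;

    # Shouldn't be smaller than `max_size' in your ejabberd.yml file.
    client_max_body_size 100m;

    location / {
        # Pass all requests to ejabberd, except for GET and HEAD requests
        # (allowing GET in limit_except implicitly allows HEAD as well).
        limit_except GET {
            proxy_pass http://127.0.0.1:5280;
        }
        proxy_set_header Host $host;

        if ($request_method = GET) {
            add_header X-Frame-Options DENY;
            # add_header directives are inherited from the enclosing level only
            # when the current level defines none of its own. This `if' block
            # defines one, so the HSTS header must be repeated here or GET
            # responses (the file downloads) are sent without it.
            add_header Strict-Transport-Security "max-age=31536000";
        }

        # Applies to requests that do not enter the `if' block above.
        add_header Strict-Transport-Security "max-age=31536000";

        # NOTE(review): without the `always' parameter, add_header is applied
        # only to a fixed set of success/redirect status codes, so error
        # responses carry neither header. Confirm whether that is intended.
        # NOTE(review): files under `root' are user uploads served from this
        # hostname; consider also sending `X-Content-Type-Options: nosniff' and
        # a restrictive Content-Security-Policy on GET responses.
    }
}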