Here are some templates for reverse-proxy + wildcard SSL hosting. /etc/nginx/sites-enabled/default: server { listen 80 default; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 access_log /var/log/nginx/access.log; location / { root /srv/http/default/www; index index.html index.htm feed.xml; } # redirect server error pages to the static page /50x.html, /404.html error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /404.html { root /srv/http/default/www; } location = /50x.html { root /srv/http/default/www; } } server { listen 443; listen [::]:443 ipv6only=on; server_name *.YOURDOMAIN.HERE; ssl on; ssl_certificate /etc/ssl/certs/YOUR_CERT_HERE.combined.crt; ssl_certificate_key /etc/ssl/private/YOUR_KEY_HERE.key; location / { proxy_pass http://localhost:80/; proxy_set_header host $host; } } /etc/nginx/sites-available/example_static: server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80; ## listen for ipv6 server_name STATIC.YOURDOMAIN.HERE; access_log /var/log/nginx/static.access.log; error_log /var/log/nginx/static.error.log; location / { root /srv/http/YOUR_STATIC_PATH_HERE; #index index.html index.htm; autoindex on; #autoindex_exact_size off; } location /SOME_USER { alias /home/SOME_USER/www; index index.html index.htm; autoindex on; } } /etc/nginx/sites-available/example_proxy: server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80; ## listen for ipv6 server_name mailman mailman.YOUR_DOMAIN.HERE; access_log /var/log/nginx/mailman.access.log; error_log /var/log/nginx/mailman.error.log; location = / { rewrite ^ /mailman/listinfo permanent; } location / { rewrite ^ /mailman$uri?$args; } location /mailman/ { include proxy_params; proxy_pass http://127.0.0.1:5001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } }