Configuring SSL in nginx for an ASP.NET Core site


1. Prerequisites
First you need to apply for an SSL certificate. I use Ali.
Ali offers a free certificate valid for one year. Of course, you can also choose another paid or free certificate authority.

2. Key configuration
Here nginx runs on a CentOS system.

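server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen  443 ssl;
    server_name    admin.mu-booking.com;
    # wwwroot is ASP.NET Core's default web root for static files, so a directory
    # outside it, readable only by root/nginx, is a safer place for privkey.pem
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        try_files $uri @gunicorn_proxy;
    }

    # Everything that is not a static file is passed to Kestrel
    location @gunicorn_proxy {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass https://127.0.0.1:5443;
        proxy_connect_timeout 500s;
        proxy_read_timeout 500s;
        proxy_send_timeout 500s;
    }

    # WebSocket upgrade for paths matching /Hub
    location ~ /Hub {
        proxy_pass https://127.0.0.1:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}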
The ssl_certificate and ssl_certificate_key paths must point to the matching certificate and key files. Of course, you can set the paths to another location that is easier to update; a directory outside the site's wwwroot also keeps the private key away from the files the site serves.
When downloading the SSL certificate files, choose the package for your server software: there are versions for nginx, IIS, Apache and so on, so the mainstream servers are all covered.

As you can see, the site must already be reachable at an address of its own, for example https://127.0.0.1:5443.
nginx then proxies it on the SSL port 443, so the site can be accessed from the external network directly over https.
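
An added example (not part of the original post): a small Python audit that flags three TLS settings worth checking in a server block like the one above, namely the deprecated "ssl on" form, protocol versions older than TLS 1.2, and a private key stored under a wwwroot directory. The sample configuration, the function names and the finding codes are constructed for illustration; the parser handles simple "name args;" directives only, not quoted values containing ";" or "#".

```python
import re

# Constructed sample: TLS directives in the older style, using the file paths from this page.
SAMPLE_CONF = """
server {
    listen  443;
    ssl on;
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Protocol names nginx accepts in ssl_protocols that predate TLS 1.2.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(conf):
    """Yield (name, args) for each simple directive, skipping comments and braces."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    for stmt in re.split(r"[;{}]", conf):        # split on directive and block ends
        words = stmt.split()
        if words:
            yield words[0], words[1:]


def audit_tls(conf):
    """Return a list of (code, detail) findings for the TLS settings in conf."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            legacy = sorted(LEGACY_PROTOCOLS.intersection(args))
            if legacy:
                findings.append(("legacy-protocol", " ".join(legacy)))
        elif name == "ssl" and args == ["on"]:
            findings.append(("deprecated-ssl-on", "use 'listen 443 ssl;' instead"))
        elif name == "ssl_certificate_key" and args and "wwwroot" in args[0].split("/"):
            # Heuristic: wwwroot is ASP.NET Core's default static-file root.
            findings.append(("key-in-web-root", args[0]))
    return findings


if __name__ == "__main__":
    for code, detail in audit_tls(SAMPLE_CONF):
        print(f"{code}: {detail}")
```

An empty result means none of the three checks fired; it does not replace running nginx -t on the real configuration.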

3. SSL settings in .NET Core

using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;
using NLog.Web;

public class Program
{
    public static void Main(string[] args)
    {
        // NLog: set up the logger first to catch all errors
        var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
        try
        {
            logger.Debug("init main");
            CreateWebHostBuilder(args).Build().Run();
        }
        catch (Exception ex)
        {
            // NLog: catch setup errors
            logger.Error(ex, "Stopped program because of exception");
            throw;
        }
        finally
        {
            // Ensure to flush and stop internal timers/threads before application-exit (avoid segmentation fault on Linux)
            NLog.LogManager.Shutdown();
        }
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // "*" listens on every network interface; the nginx proxy above only needs 127.0.0.1:5443
            .UseKestrel().UseUrls("http://*:5004", "https://*:5443")
            .ConfigureLogging(logging =>
            {
                logging.ClearProviders();
                logging.SetMinimumLevel(LogLevel.Trace);
            })
            .UseNLog();
}

The simplest approach is to call UseUrls after UseKestrel, so that both addresses are started.
If you do not call UseKestrel and use UseUrls directly, only http can be used.

Origin www.cnblogs.com/drek_blog/p/11122189.html