server {
    listen *:443 ssl;
    server_name upload.example.com;
    ssl_certificate /path/to/upload.example.com.crt;
    ssl_certificate_key /path/to/upload.example.com.key;

    # The `docroot' used by mod_http_upload.
    root /home/xmpp/upload;

    # Shouldn't be smaller than the `max_size' accepted by mod_http_upload.
    client_max_body_size 100m;

    location / {
        # Pass all requests to ejabberd, except for GET and HEAD requests.
        limit_except GET {
            proxy_pass http://localhost:5444;
        }
        proxy_set_header Host $host;

        if ($request_method = GET) {
            add_header X-Frame-Options DENY;
        }
        add_header Strict-Transport-Security "max-age=31536000";
    }
}