diff --git a/script/nginx-hass b/script/nginx-hass
index 9fc1725f0432e3eb58989596026c4c105d464a6c..274fa105e045bb66c8b915a0deb14a90e286ac61 100644
--- a/script/nginx-hass
+++ b/script/nginx-hass
@@ -66,48 +66,55 @@
 #   port 8123.
 #
 ##
+http {
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
 
-server {
-    # Update this line to be your domain
-    server_name example.com;
-
-
-    # These shouldn't need to be changed
-    listen 80 default_server;
-    listen [::]:80 default_server ipv6only=on;
-    return 301 https://$host$request_uri;
-}
+    server {
+        # Update this line to be your domain
+        server_name example.com;
 
+        # These shouldn't need to be changed
+        listen 80 default_server;
+        listen [::]:80 default_server ipv6only=on;
+        return 301 https://$host$request_uri;
+    }
 
-server {
-    # Update this line to be your domain
-    server_name example.com;
+    server {
+        # Update this line to be your domain
+        server_name example.com;
 
-    # Ensure these lines point to your SSL certificate and key
-    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-    # Use these lines instead if you created a self-signed certificate
-    # ssl_certificate /etc/nginx/ssl/cert.pem;
-    # ssl_certificate_key /etc/nginx/ssl/key.pem;
+        # Ensure these lines point to your SSL certificate and key
+        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+        # Use these lines instead if you created a self-signed certificate
+        # ssl_certificate /etc/nginx/ssl/cert.pem;
+        # ssl_certificate_key /etc/nginx/ssl/key.pem;
 
-    # Ensure this line points to your dhparams file
-    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
+        # Ensure this line points to your dhparams file
+        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
 
 
-    # These shouldn't need to be changed
-    listen 443 default_server;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
-    ssl on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
+        # These shouldn't need to be changed
+        listen 443 default_server;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+        ssl on;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+        ssl_prefer_server_ciphers on;
+        ssl_session_cache shared:SSL:10m;
 
-    proxy_buffering off;
+        proxy_buffering off;
 
-    location / {
-        proxy_pass http://localhost:8123;
-        proxy_set_header Host $host;
-        proxy_redirect http:// https://;
+        location / {
+            proxy_pass http://localhost:8123;
+            proxy_set_header Host $host;
+            proxy_redirect http:// https://;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+        }
     }
 }