diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
index 80f7786..85c6ecc 100644
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -10,6 +10,13 @@ events {
 http {
 access_log {{ nginx_logdir }}/access.log combined;
 
+ proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
+ proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
+ proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
+ proxy_ssl_protocols TLSv1.2 TLSv1.3;
+ proxy_ssl_server_name on;
+ proxy_ssl_verify on;
+
 map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
@@ -35,13 +42,6 @@ http {
 }
 }
 {% else %}
- proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
- proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
- proxy_ssl_trusted_certificate {{ tls_certs }}/ca.crt;
- proxy_ssl_protocols TLSv1.2 TLSv1.3;
- proxy_ssl_server_name on;
- proxy_ssl_verify on;
-
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m;
 ssl_session_tickets off;
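Review bot: At `http` scope the added `proxy_ssl_*` directives become the default for every `proxy_pass https://…` in both branches of the template conditional, so the branch above `{% else %}` (its locations are outside this hunk) would now present the host's client certificate and verify upstreams against `ca.crt`. Neither `proxy_ssl_name` nor `proxy_ssl_verify_depth` is set, so verification uses nginx's defaults (`$proxy_host`, depth 1). An upstream addressed by IP or upstream-group name, or one whose chain includes an intermediate CA, would fail the handshake and surface as 502s. I would put a comment above the block, `# Upstream mTLS defaults for all servers: upstream certs must chain to ca.crt and match $proxy_host`, and add `proxy_ssl_verify_depth 2;` if intermediates are in use. The role presumably also has to guarantee that `{{ inventory_hostname }}.crt` and `.key` exist on hosts taking the first branch; the `http` block continues past the end of the hunk, so this cannot be confirmed from here.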