I found the time at last, so this site is now being served by caddy as a proxy in front of the go process, mainly for the automatic tls stuff. It's running on a $5 DO instance, so we'll see how it holds up but it seems to be fine so far.

Seriously considering replacing my use of nginx elsewhere with caddy now.