To prevent some resolve errors, we need to append a resolver directive. The hostname shoul be the name of the cloudfront distribution.

location  /  {
set $dsomehost dsomehost.cloudfront.net; resolver 1.1.1.1 valid=30s; proxy_ssl_protocols TLSv1.2; proxy_ssl_server_name on; proxy_pass https://$dsomehost;