# initial nginx conf file needed when running certbot container the first time to generate ssl certs
# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org

server {

    # nginx http port
    listen 80;
    listen [::]:80;        
    server_name <HOSTNAME>;

    location ~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    return 301 https://$host$request_uri;
}

server {

    # nginx https port
    listen      443 ssl;
    listen      [::]:443 ssl;
    http2 	    on;
    # use ssl letsencrypt certs
    ssl_certificate      /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    
    server_name <HOSTNAME>;


    location / {

        # Forward to Automatisch site which is running on port 7757
        proxy_pass http://main:7757/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;            
    }               

    location ~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }        
}