# nginx conf file to use after LetsEncrypt SSL certs have been created
# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org

events {
    worker_connections  1024;
}

http {
    
    server {

        # nonstandard nginx http port
        listen 7758;
        listen [::]:7758;        
        server_name <HOSTNAME>;

        location ~ /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        return 301 https://$host$request_uri;
    }

    server {

        # nonstandard nginx https port
        listen      7759 ssl http2;
        listen      [::]:7759 ssl http2;

        # use ssl letsencrypt certs
        ssl_certificate      /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
        server_name <HOSTNAME>;


        location / {

            # Forward to Automatisch site which is running on port 7757
            proxy_pass http://main:7757/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;            
        }               

        location ~ /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }        
    }    
}