#
# Default SECURED server block with LetsEncrypt support
#

server {
    listen 80;
    include /etc/nginx/server_names.conf;

    # default redirect to properly formed HTTPS location
    location / {
        return 301 https://$host:<HTTPS_PORT>$request_uri;
    }

    # process Let's Encrypt challenges
    location ^~ /.well-known/acme-challenge {
        # log requests for security reasons
        access_log /var/log/nginx/access.log main;
        error_log /var/log/nginx/error.log warn;

        default_type text/plain;
        root /usr/share/nginx/letsencrypt;
        autoindex on;
    }

    # error pages
    include /etc/nginx/errorpages.conf;
}

server {
    listen 443 ssl http2;
    include /etc/nginx/server_names.conf;

    location / {
        try_files $uri $uri/ =404;
    }

    # error pages
    include /etc/nginx/errorpages.conf;
}