#######
### NGINX server configuration
### Redirect to secure connection
### Process LetsEncrypt verification requests
#######

server {
    listen 80;
    listen [::]:80;

    # specify server name(s)
    include /etc/nginx/snippets/server_names.conf;

    # redirect to properly formed HTTPS request
    location / {
        return 301 https://$host$request_uri;
    }

    # process LetsEncrypt requests
    location ^~ /.well-known/acme-challenge {
        # log requests to review issued certs or for security auditing
        access_log /var/log/nginx/LetsEncrypt_access.log main;
        error_log /var/log/nginx/LetsEncrypt_error.log warn;

        default_type text/plain;
        root /usr/share/nginx/html/letsencrypt;
        autoindex on;
    }

    # error pages
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
        internal;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
        internal;
    }
}