# {{ ansible_managed }}

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name _;
	server_name_in_redirect on;

	location /.well-known/acme-challenge {
		default_type "text/plain";
		alias /var/www/acme-challenge;
	}

	location / {
		return 301 https://$host$request_uri;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name _;

	ssl_certificate_key /etc/nginx/ssl/{{ ansible_fqdn }}.key;
	ssl_certificate /etc/nginx/ssl/{{ ansible_fqdn }}.crt;
}