server {
	listen 80;
	listen [::]:80;

	server_name {{ ansible_fqdn }};

	location /.well-known/acme-challenge {
		default_type "text/plain";
		alias /var/www/acme-challenge;
	}

	location / {
		return 301 https://{{ ansible_fqdn }}$request_uri;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name {{ ansible_fqdn }};

	ssl_certificate_key /etc/nginx/ssl/{{ ansible_fqdn }}.key;
	ssl_certificate /etc/nginx/ssl/{{ ansible_fqdn }}.crt;

	proxy_redirect off;
	location / {
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass https://localhost:8006;
		proxy_buffering off;
		client_max_body_size 0;
	}
}