map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name err404.numericore.com;

    access_by_lua_file /usr/share/ssowat/access.lua;

    include /etc/nginx/conf.d/acme-challenge.conf.inc;

    location ^~ '/.well-known/ynh-diagnosis/' {
        alias /var/www/.well-known/ynh-diagnosis/;
    }





    location / {
        return 301 https://$host$request_uri;
    }



    include /etc/nginx/conf.d/yunohost_http_errors.conf.inc;

    access_log /var/log/nginx/err404.numericore.com-access.log;
    error_log /var/log/nginx/err404.numericore.com-error.log;
}

server {
    listen 443 ssl http2 proxy_protocol;
    listen [::]:443 ssl http2;
    server_name err404.numericore.com;

    include /etc/nginx/conf.d/security.conf.inc;

    ssl_certificate /etc/yunohost/certs/err404.numericore.com/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/err404.numericore.com/key.pem;


    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";


    # OCSP settings
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/yunohost/certs/err404.numericore.com/crt.pem;
    resolver 1.1.1.1 9.9.9.9 valid=300s;
    resolver_timeout 5s;




    access_by_lua_file /usr/share/ssowat/access.lua;

    include /etc/nginx/conf.d/err404.numericore.com.d/*.conf;

    include /etc/nginx/conf.d/yunohost_sso.conf.inc;
    include /etc/nginx/conf.d/yunohost_admin.conf.inc;
    include /etc/nginx/conf.d/yunohost_api.conf.inc;
    include /etc/nginx/conf.d/yunohost_http_errors.conf.inc;

    access_log /var/log/nginx/err404.numericore.com-access.log;
    error_log /var/log/nginx/err404.numericore.com-error.log;
}