# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# configuration of 00101111.xyz / frode klevstul / oct 2025
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# enforce ssl and bare domain (without www) for http requests
# ($server_name will return the first value given)
server {
    listen 80;
    server_name 00101111.xyz www.00101111.xyz;
    return 301 https://$server_name$request_uri;
}

# www to bare domain for https requests
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/00101111.xyz/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/00101111.xyz/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/00101111.xyz/cert.pem;

    server_name www.00101111.xyz;
    return 301 $scheme://00101111.xyz$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/00101111.xyz/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/00101111.xyz/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/00101111.xyz/cert.pem;

    root /var/www/00101111.xyz;
    index index.html;
    server_name 00101111.xyz;

    # redirect 404 not found to the root
    location / {
	   error_page 404 = @myownredirect;
    }

    location @myownredirect {
        return 302 /;
    }

    include fcgiwrap.conf;
}