# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# configuration of factor.red / frode klevstul / oct 2025
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# http ➔ https
server {
    listen 80;
    server_name factor.red;
    return 301 https://$host$request_uri;
}

# * ➔ bare domain (https)
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/factor.red/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/factor.red/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/factor.red/cert.pem;

    server_name *.factor.red;
    return 301 $scheme://factor.red$request_uri;
}

# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    ssl_certificate /etc/nginx/acme.sh/factor.red/fullchain.pem;
    ssl_certificate_key /etc/nginx/acme.sh/factor.red/key.pem;
    ssl_trusted_certificate /etc/nginx/acme.sh/factor.red/cert.pem;

    add_header Strict-Transport-Security "max-age=63072000" always;

    root /var/www/factor.red;
    index index.html;
    server_name factor.red;

    location @myownredirect {
        return 302 /;
    }

    # redirect 404 not found to the root
    location / {
        error_page 404 = @myownredirect;
    }

}