server {
    if ($host = {{ domain_whiteboard }}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    client_max_body_size 64M;

    location / {
        return 301 https://$host$request_uri;
    }

    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/.well-known/acme-challenge/;
        default_type "text/plain";
        allow all;
    }
}

server {
    client_max_body_size 64M;
    #large_client_header_buffers 4 16k;

    listen 443 ssl http2;

    server_name {{ domain_whiteboard }};
    ssl_certificate /etc/letsencrypt/live/whiteboard.letsbe.solutions/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/whiteboard.letsbe.solutions/privkey.pem;

    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    #auth_basic "Restricted Content";
    #auth_basic_user_file letsbe-htpasswd;

    location / {
        proxy_pass http://0.0.0.0:4014;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header X-Frontend-Host $host;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }

    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/html/.well-known/acme-challenge/;
        default_type "text/plain";
        allow all;
    }
    
}