server {
    listen                  8080;
    server_name             z.gruszczynski.eu.org;
    set                     $base /var/www/z.gruszczynski.eu.org;
    root                    $base;

    # security
    include                 config/security.conf;

    # restrict methods
    if ($request_method !~ ^(GET)$) {
        return '405';
    }

    # index.php
    index      index.php;

    # additional config
    include config/general.conf;
    port_in_redirect off;

    location / {
    }

    # handle .php
    location ~ \.php$ {
        include config/php_fastcgi.conf;
    }
}

server {
    listen 443 quic;
    listen 443 ssl;
    http2 on;
    http3 on;
    ssl_protocols       TLSv1.3 TLSv1.2;
    ssl_early_data on;
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';

    server_name             z.gruszczynski.eu.org;

    access_log /var/log/nginx/z.gruszczynski.eu.org.access.log main;
    error_log  /var/log/nginx/z.gruszczynski.eu.org.error.log warn;

    ssl_certificate /etc/letsencrypt/live/z.gruszczynski.eu.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/z.gruszczynski.eu.org/privkey.pem;
    ssl_trusted_certificate     /etc/letsencrypt/live/z.gruszczynski.eu.org/chain.pem;

    # ssl cfg
    include                 config/ssl_cfg.conf;

    include config/letsencrypt.conf;


    location / {
        proxy_pass http://127.0.0.1:6081/;
        include config/proxy.conf;
        add_header X-Robots-Tag "noindex, follow" always;

    }

    location = /robots.txt {
       add_header Content-Type text/plain;
       return 200 "User-agent: *\nDisallow: /\n";
    }

   

}

# HTTP redirect
server {
    listen                  80;
    server_name             z.gruszczynski.eu.org;
    add_header Alt-Svc 'h3=":443"; ma=86400';

    include config/letsencrypt.conf;

    # restrict methods
    if ($request_method !~ ^(GET)$) {
        return '405';
    }

    location / {
        return 301 https://z.gruszczynski.eu.org$request_uri;
    }
}