server {
    listen 80 default_server;
    listen [::]:80 default_server;

    include /etc/nginx/conf.d/default.d/*.conf;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    include /etc/nginx/conf.d/security.conf.inc;

    ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;

    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
    more_set_headers "Referrer-Policy : 'same-origin'";

    location /yunohost {
        # Redirect most of 404 to maindomain.tld/yunohost/sso
        access_by_lua_file /usr/share/ssowat/access.lua;
    }

    include /etc/nginx/conf.d/yunohost_admin.conf.inc;
    include /etc/nginx/conf.d/yunohost_api.conf.inc;
    include /etc/nginx/conf.d/default.d/*.conf;
}