server {
    listen                  443 ssl http2;
    listen                  [::]:443 ssl http2;
    server_name             eax.app;
    root                    /srv/http/eax.app;

    # SSL
    ssl_certificate         /etc/letsencrypt/live/eax.app/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/eax.app/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/eax.app/chain.pem;

    # security
    include                 nginxconfig.io/security.conf;

    # restrict methods
    if ($request_method !~ ^(GET|HEAD|CONNECT|OPTIONS|TRACE)$) {
        return '405';
    }

    # logging
    access_log /var/log/nginx/eax.app.access.log;
    error_log  /var/log/nginx/eax.app.error.log warn;

    # index.html fallback
    location / {
        try_files $uri $uri/ /index.html;
    }

    # index.php fallback
    location ~ ^/api/ {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # additional config
    include nginxconfig.io/general.conf;
}

# HTTP redirect
server {
    listen      80;
    listen      [::]:80;
    server_name eax.app;
    include     nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://eax.app$request_uri;
    }
}