## $HOSTNAME

# Redirect all HTTP to HTTPS.
server {
	listen 80;
	listen [::]:80;

	server_name $HOSTNAME;
	root /tmp/invalid-path-nothing-here;

	# Improve privacy: Hide version an OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	# Redirect using the 'return' directive and the built-in
	# variable '$request_uri' to avoid any capturing, matching
	# or evaluation of regular expressions.
	return 301 https://$HOSTNAME$request_uri;
}

# The secure HTTPS server.
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name $HOSTNAME;

	# Improve privacy: Hide version an OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	ssl_certificate $SSL_CERTIFICATE;
	ssl_certificate_key $SSL_KEY;

	# ADDITIONAL DIRECTIVES HERE
}