server {
        listen 80;
        listen [::]:80;

        server_name unifi.{{ http_domain_external }} unifi.{{ http_domain_internal }};

        location / {
                return 301 https://$host$request_uri;
        }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name unifi.{{ http_domain_external }} unifi.{{ http_domain_internal }};

    charset utf-8;
    server_tokens off;
    proxy_ssl_verify off;

    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    location /wss/ {
        proxy_pass https://localhost:8443;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 86400;
    }

    location / {
            proxy_pass https://localhost:8443/; # The Unifi Controller Port
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    }


}