server {
		listen 80;
		listen [::]:80;
		server_name {{ nginx_etherpad_url }};
		return 301 https://$http_host$request_uri;
}

map $http_upgrade $connection_upgrade {
				default upgrade;
				'' close;
		}

server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name {{ nginx_etherpad_url }};

		ssl_certificate {{ nginx_ssl_directory }}fullchain.pem;
		ssl_certificate_key {{ nginx_ssl_directory }}privkey.pem;
		ssl_prefer_server_ciphers       on;

		location / {
				proxy_pass             http://localhost:9002/;
				proxy_set_header       Host $host;
				proxy_pass_header Server;
				# be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
				proxy_buffering off;
				proxy_set_header X-Real-IP $remote_addr;  # http://wiki.nginx.org/HttpProxyModule
				proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
				proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
				proxy_set_header Host $host;  # pass the host header
				proxy_http_version 1.1;  # recommended with keepalive connections
				# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
				proxy_set_header Upgrade $http_upgrade;
				proxy_set_header Connection $connection_upgrade;
		}

}