server {
	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /rootdir/of/hostas2/;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm index.nginx-debian.html;

	server_name example.net;

	# For WebFinger lookup
	location /.well-known/webfinger {
		rewrite ^/.well-known/webfinger /api/webfinger-lookup.php;
	}

	# API
	location /api/v1/ {
		index router.php;
		rewrite ^/api/v1/(.*)$ /api/v1/router.php?$args;
	}

	# pass PHP scripts to FastCGI server
	
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
	
		# With php-fpm (or other unix sockets):
		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
		fastcgi_param DOCUMENT_ROOT $realpath_root;
		fastcgi_pass unix:/run/php/php8.2-fpm.sock;
		# With php-cgi (or other tcp sockets):
		# fastcgi_pass 127.0.0.1:9000;
	}

	location / {
		autoindex on;
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}

	location /config.php {
		deny all;
	}

	listen [::]:443 ssl;
	listen 443 ssl;
	ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = example.net) {
        return 301 https://$host$request_uri;
    }


	listen 80;
	listen [::]:80;

	server_name example.net;
    return 404;


}