server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name www.tyil.nl;

	ssl_certificate /etc/letsencrypt/live/www.tyil.nl/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.tyil.nl/privkey.pem;

	access_log /var/log/nginx/access/tyil.nl/tyil.nl.log;

	include /etc/nginx/snippets.d/certbot.conf;
	include /etc/nginx/snippets.d/headers.conf;
	include /etc/nginx/snippets.d/ssl.conf;

	root /var/www/nl.tyil.www/public;

	# Custom error pages
	error_page 404 /http-404.html;

	# Redirects from older versions
	location /atom.xml { return 301 https://www.tyil.nl/posts/index.xml; }
	location /feed.xml { return 301 https://www.tyil.nl/posts/index.xml; }

	# GoAccess
	location /analytics {
		add_header Content-Security-Policy "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline'; img-src data:; font-src data:; connect-src wss://tyil.nl:443";

		alias /run/goaccess;
		try_files /tyil.nl.html =404;
	}

	location / {
		try_files $uri $uri/ =404;
	}
}