server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name tyil.nl;

	ssl_certificate /etc/letsencrypt/live/tyil.nl/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/tyil.nl/privkey.pem;

	include /etc/nginx/snippets.d/certbot.conf;
	include /etc/nginx/snippets.d/headers.conf;
	include /etc/nginx/snippets.d/ssl.conf;

	location ~ ^/.well-known/openpgpkey(.+)$ {
		add_header Access-Control-Allow-Origin *;

		root /var/wkd/nl.tyil;
		try_files $1 =404;
	}

	location / {
		return 301 https://www.tyil.nl$request_uri;
	}
}