server {

	server_name nextcloud.theschricks.com;

	location / {
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_pass http://pi2;
	}

	location = /.well-known/carddav {
    		return 301 $scheme://$host/remote.php/dav;
	}

	location = /.well-known/caldav {
    		return 301 $scheme://$host/remote.php/dav;
	}

    	client_max_body_size 512m;

	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
	add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
	
	
    	listen [::]:443 ssl; # managed by Certbot
    	listen 443 ssl; # managed by Certbot
    	ssl_certificate /etc/letsencrypt/live/nextcloud.theschricks.com-0001/fullchain.pem; # managed by Certbot
    	ssl_certificate_key /etc/letsencrypt/live/nextcloud.theschricks.com-0001/privkey.pem; # managed by Certbot
    	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    	# OCSP stapling
    	ssl_stapling on;
    	ssl_stapling_verify on;
}

#HTTP
server {
	listen 80;
	listen [::]:80;
	server_name nextcloud.theschricks.com www.nextcloud.theschricks.com;
	return 301 https://$host$request_uri;
}

#Redirect www
server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name www.nextcloud.theschricks.com;
	return 301 https://$host$request_uri;
}