server {
    server_name cyfraeviolae.org;

    location /forbidden-salamanders {
        proxy_pass http://127.0.0.1:9010/;
    }

    location /telechromy {
        alias /srv/telechromy/;
    }

    location /prosodyle {
        alias /srv/prosodyle/;
    }

    location /prosodyle/level-select {
        default_type "text/html";
        alias /srv/prosodyle/level-select.html;
    }

    location /well-ordered {
        alias /srv/well-ordered/;
    }

    location /sumcheck {
        proxy_pass http://127.0.0.1:9000;
    }

    location /antiquitysort {
        proxy_pass http://127.0.0.1:8090;
    }

    location /spectral-renga {
        proxy_pass http://127.0.0.1:8080;
    }

    location /git {
        alias /srv/git/;
        fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        fastcgi_split_path_info           ^(/git/?)(.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $args;
    }

    location / {
        root /srv/cyfraeviolae;
        expires 1h;
        add_header Cache-Control "public";
    }

    error_page 404 /404.html;
    location = /404.html {
        root /srv/cyfraeviolae;
        expires 1h;
        add_header Cache-Control "public";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cyfraeviolae.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cyfraeviolae.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = cyfraeviolae.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name cyfraeviolae.org;
    listen 80;
    return 404;
}