http {
    # SSL CONFIGURATION
    # Key locations
    ssl_certificate     /etc/letsencrypt/live/${MAIN_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${MAIN_DOMAIN}/privkey.pem;

    # Allowed protocols
    ssl_protocols TLSv1.2;

    # Allowed cyphers
    # ssl_ciphers EECDH+CHACHA20:EECDH+AES;

    # Cache settings
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    # Still gotta figure out what these do
    ssl_session_tickets       off;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve            X25519:prime256v1:secp521r1:secp384r1;


    # Auto-route all HTTP requests to HTTPS
    server {
        listen ${HTTP_PORT};
        listen [::]:${HTTP_PORT};
        server_name _;

        return 301 https://$host:${HTTPS_PORT}$request_uri;
    }


    # LOAD SITES
    include sites-enabled/*.conf;
}