server {
  listen 8080;
  server_name <frontend_domain>;

  rewrite ^ https://<frontend_domain>:443$request_uri? permanent;
}


server {

  listen 8443 ssl http2;
  server_name <frontend_domain>;
  index index.html index.php index.htm;

  ssl_certificate /nginx/ssl/certificates/<frontend_domain>.crt;
  ssl_certificate_key /nginx/ssl/certificates/<frontend_domain>.key;
  ssl_trusted_certificate /nginx/ssl/certificates/<frontend_domain>.chain.pem;
  ssl_ct_static_scts /nginx/ssl/timestamps/<frontend_domain>;
  include /nginx/conf.d/ssl.conf;
  include /nginx/conf.d/headers.conf;
  include /nginx/conf.d/hsts.conf;
  include /nginx/conf.d/ocsp.conf;
  include /nginx/conf.d/ct.conf;

  include /nginx/path.d/<frontend_domain>/*.conf;

  location ~ /\.well-known/acme-challenge {
    root /nginx/www/<frontend_domain>;
    allow all;
  }
}