server {
  listen 80;
  listen [::]:80;

  server_name wagovipps.schleppe.cloud;

  more_set_headers Upgrading Connection;
  return 302 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name wagovipps.schleppe.cloud;

  # TODO restrict to allow vipps servers 
  location / {
    resolver 10.0.0.72;
    proxy_pass http://wagovipps.schleppe:80;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;

    more_set_headers 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS';
    more_set_headers 'Access-Control-Allow-Headers' 'Content-Type';
  }

  ssl_certificate /etc/letsencrypt/live/wagovipps.schleppe.cloud/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/wagovipps.schleppe.cloud/privkey.pem; # managed by Certbot
}