nginx/sites-available/brewpi.conf

server {
  listen 80;
  listen [::]:80;

  server_name brew.schleppe.cloud beer.schleppe.cloud;

  more_set_headers 'Upgrading: Connection';
  return 302 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name brew.schleppe.cloud;

  gzip on;
  gzip_types application/javascript;
  gzip_min_length 1000;
  gzip_static on;

  location / {
    resolver 10.0.0.72;
    proxy_pass http://brewpi.schleppe:8080;

    more_set_headers 'Access-Control-Allow-Origin: brewpi.schleppe.cloud beer.schleppe.cloud';
    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
    more_set_headers 'Access-Control-Allow-Headers: Content-Type';

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
  }

  ssl_certificate /etc/letsencrypt/live/brew.schleppe.cloud/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/brew.schleppe.cloud/privkey.pem; # managed by Certbot

}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name beer.schleppe.cloud;

  gzip on;
  gzip_types application/javascript;
  gzip_min_length 1000;
  gzip_static on;

  location / {
    resolver 10.0.0.72;
    proxy_pass http://brewpi.schleppe:8080;

    more_set_headers 'Access-Control-Allow-Origin: brewpi.schleppe.cloud beer.schleppe.cloud';
    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
    more_set_headers 'Access-Control-Allow-Headers: Content-Type';

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
  }

  ssl_certificate /etc/letsencrypt/live/beer.schleppe.cloud/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/beer.schleppe.cloud/privkey.pem; # managed by Certbot
}