server {                      # HTTP -> HTTPS
  listen 80;
  server_name app.rolac.org api.rolac.org;
  location /.well-known/acme-challenge/ { root /var/www/certbot; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl;
  server_name app.rolac.org;
  ssl_certificate     /etc/letsencrypt/live/app.rolac.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/app.rolac.org/privkey.pem;

  location /api/ {
    proxy_pass         http://api:8080/api/;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
  }
  location / {
    proxy_pass http://app:80;
  }
}