server {
        listen                  202.61.255.100:443 ssl http2;
        listen                  [2a03:4000:55:d1d::]:443 ssl http2;

	server_name		3gy.de;

	ssl_certificate		/etc/ssl/mail/fullchain.pem;
	ssl_certificate_key	/etc/ssl/mail/private/privkey.pem;

	ssl_session_timeout	1d;
	ssl_session_cache	shared:MozSSL:10m;  # about 40000 sessions
	ssl_session_tickets	off;

	ssl_protocols			TLSv1.3;
	ssl_prefer_server_ciphers	off;

	add_header		Strict-Transport-Security "max-age=63072000" always;

	ssl_stapling		on;
	ssl_stapling_verify	on;

	ssl_trusted_certificate /etc/ssl/ca-bundle.pem;

	resolver		172.168.100.2;

	location		/ {
				root	/srv/www/htdocs/3gy/;
				index	index.html;
	}

}