server {
	listen			202.61.255.116:443 ssl http2;
	listen			[2a03:4000:55:d20::]:443 ssl http2;

	ssl_certificate         /etc/ssl/lysergic/fullchain.pem;
	ssl_certificate_key     /etc/ssl/lysergic/private/privkey.pem;

	server_name		git.lysergic.dev git.de.com;

	return			302 https://git.com.de;
}
server {
	listen			202.61.255.116:443 ssl http2;
	listen			[2a03:4000:55:d20::]:443 ssl http2;

	ssl_certificate         /etc/ssl/liberta.casa/fullchain.pem;
	ssl_certificate_key     /etc/ssl/liberta.casa/private/privkey.pem;

	server_name		git.casa;

#	return			302 https://git.com.de/libertacasa;


	root			/srv/www/htdocs;

	try_files             $uri @cgit;

	location @cgit {
		include             fastcgi_params;
		fastcgi_param       SCRIPT_FILENAME /srv/www/cgi-bin/cgit/cgit.cgi;
		fastcgi_param       PATH_INFO       $uri;
		fastcgi_param       QUERY_STRING    $args;
		fastcgi_param       HTTP_HOST       $server_name;
		fastcgi_pass        unix:/run/fcgiwrap.sock;
    }


}

server {
	listen			202.61.255.116:443 ssl http2;
	listen			[2a03:4000:55:d20::]:443 ssl http2;
	listen			192.168.0.115:443 ssl http2;

	server_name		git.com.de;

	ssl_certificate		/etc/ssl/lysergic/fullchain.pem;
	ssl_certificate_key	/etc/ssl/lysergic/private/privkey.pem;

	ssl_session_timeout		1d;
	ssl_session_cache		shared:MozSSL:10m;  # about 40000 sessions
	ssl_session_tickets		off;
	ssl_protocols			TLSv1.3;
	ssl_prefer_server_ciphers	off;
	add_header			Strict-Transport-Security "max-age=63072000" always;
	ssl_stapling			on;
	ssl_stapling_verify		on;
	ssl_trusted_certificate		/etc/ssl/ca-bundle.pem;
	resolver			127.0.0.4;


	location		/ {
				proxy_pass	http://127.0.0.2:3501;
	}
}