server {
 	server_name _;
 	# you can serve any number of redirects from here...
 	listen 80;
 	return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name rpg.ascorrea.com;
	ssl_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;
	ssl_certificate_key /etc/nginx/ssl/live/rpg.ascorrea.com/privkey.pem;

	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/nginx/ssl/live/rpg.ascorrea.com/fullchain.pem;

	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers         HIGH:!aNULL:!MD5;
	
#	include applications/vouch.conf;

    root /var/www/html/;
	
	error_page 401 = @error401;

	location / {
		# This application is simply proxy-passed without any authentication
		index  index.html index.htm;
		
	}
	location /gm-tools {
		auth_request /vouch/validate;
		auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
		# This application is simply proxy-passed without any authentication
		index  index.html index.htm;
		
	}
	
	include /etc/nginx/conf.d/apps-enabled/*.conf;
	    
}