server {
    listen 80;
    server_name domain;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name domain;
    
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    access_log /www/log/domain-a.log;
    error_log /www/log/domain-e.log;
    
    set $root_dir "/www/public";
    
    if ($http_user_agent ~* "(curl|wget)") {
        set $root_dir "/www/sh";
    }
    
    root $root_dir;
    index index.html;
}
