server {
    listen 80;
    listen [::]:80;

    # Fortell nettleseren at den skal gå til HTTPS-siden i stedet for
    server_name grafana.hovedprosjekt.no;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name grafana.hovedprosjekt.no;
    root /var/www/html;

    # Sertifikat for å ha gyldig HTTPS
    ssl_certificate /srv/ssl/grafana/fullchain.pem;
    ssl_certificate_key /srv/ssl/grafana/key.pem;

    server_tokens off;

    # Diverse HTTP headere for bedre sikkerhet
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    index index.nginx-debian.html index.html index.htm;

    charset utf-8;

    # Fortell NGINX at den skal videresende
    # forespørsler til loopback på port 3000.
    location / {
        proxy_pass http://127.0.0.1:3000;
        include proxy_params;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log /var/log/nginx/grafana.hovedprosjekt.no-access.log combined;
    error_log  /var/log/nginx/grafana.hovedprosjekt.no-error.log error;

    location ~ /\.ht {
        deny all;
    }
}