server {
    listen 443 ssl;
    http2 on;
    server_name _;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;

    root /usr/share/nginx/html;
    index index.html;

    # Single page application: unknown paths fall back to index.html so that
    # client-side routes such as /item/minecraft:iron_ingot keep working.
    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~* \.(?:js|css|woff2?|svg|png|jpg|jpeg|gif|ico)$ {
        expires 7d;
        add_header Cache-Control "public";
    }
}

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}