server {
  listen          443 ssl http2 default_server;
  listen          [::]:443 ssl http2 default_server;
  server_name     {{ gogs_domain }};

  include /etc/nginx/ssl.conf;

  ssl_certificate /var/lib/acme/live/{{ gogs_domain }}/fullchain;
  ssl_certificate_key /var/lib/acme/live/{{ gogs_domain }}/privkey;

  access_log off;

  location / {
    proxy_http_version      1.1;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    proxy_pass              http://localhost:{{ gogs_port }};
    proxy_redirect          off;
  }
}