server {
	listen 443 ssl;
	server_name {{ prowlarr_server_name }};

    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

	# authelia
	include /etc/nginx/snippets/authelia-location.conf;

    location / {
		#authelia
		include /etc/nginx/snippets/proxy.conf;
        include /etc/nginx/snippets/authelia-authrequest.conf;

		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $http_connection;
        proxy_pass http://127.0.0.1:{{ prowlarr_external_port }}/;
    }

}

server {
    listen 80;
    listen [::]:80;
	server_name {{ prowlarr_server_name }};
	return 301 https://$host$request_uri;
}