# replace your.server.tld with your server's fqdn

server {
       listen 80;
       server_name your.server.tld;
       location / {
              return 302 https://your.server.tld$request_uri;
       }
       location /.well-known/acme-challenge {
              root /var/www/letsencrypt;
       }
}

server {
       listen 443 ssl;
       server_name your.server.tld;
       ssl_certificate /etc/letsencrypt/live/your.server.tld/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/your.server.tld/privkey.pem;
    
       location / {
                root /var/www/lokinet-bootserv;
       }

       location /bootstrap.signed {
                include /etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME /usr/local/bin/lokinet-bootserv;
                fastcgi_pass unix://tmp/cgi.sock;
       }
}