server {
	listen 80;
	listen [::]:80;
	server_name example.com;

	access_log /var/log/nginx/example.com.access_log main;
	error_log /var/log/nginx/example.com.error_log info;

	root /var/www/example.com/htdocs;

	location /.well-known/host-meta {
		default_type text/xml;
		add_header Access-Control-Allow-Origin  *;
	}

	location /.well-known/host-meta.json {
		default_type application/json;
		add_header Access-Control-Allow-Origin  *;
	}

	location ^~ /.well-known/acme-challenge/ {
		allow all;
		default_type text/plain;
		return 200 "$1.abcd-efgh";
	}

	location / {
		return 301 https://www.example.com$request_uri;
	}
}

server {
	listen 127.0.0.1:8443 ssl http2;
	listen [::1]:8443 ssl http2;
	server_name example.com;

	ssl_certificate /etc/ssl/nginx/nginx.pem;
	ssl_certificate_key /etc/ssl/nginx/nginx.key;

	access_log /var/log/nginx/example.com.ssl_access_log main;
	error_log /var/log/nginx/example.com.ssl_error_log info;

	root /var/www/example.com/htdocs;

	location /.well-known/host-meta {
		default_type text/xml;
		add_header Access-Control-Allow-Origin  *;
	}

	location /.well-known/host-meta.json {
		default_type application/json;
		add_header Access-Control-Allow-Origin  *;
	}

	location / {
		return 301 https://www.example.com$request_uri;
	}

}