server {
        server_name FQDN;
        root /web/FQDN;
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        #include snippets/custom-error.conf;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security "max-age=63072000" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        location /nginx_status {
            stub_status on;
        }
}

server {
        server_name  FQDN;
        root         /web/FQDN;
        #include snippets/custom-error.conf;
        listen       80;
        listen       [::]:80;

        location /nginx_status {
            stub_status on;
        }
}