events {}

http {
    include /etc/nginx/conf.d/*.conf;

    # 所有 HTTP 自动跳 HTTPS
    server {
        listen 80 default_server;
        server_name _;
        
        location / {
            return 301 https://$host$request_uri;
        }

        # 让证书续期正常工作（必须留）
        location /.well-known/acme-challenge/ {
            root /var/www/html;
            try_files $uri =404;
        }
    }
}