server {
    # NOTE:
    # - replace with your actual server name
    server_name %%your.domain%%;

    # NOTE:
    # - this listener is plain HTTP: everything proxied by the location
    #   block below travels unencrypted between the client and nginx
    # - urgently consider configuring TLS instead
    # - maybe keep a forwarder from HTTP to HTTPS; one way is to replace
    #   the location block below with
    #       return 301 https://%%your.domain%%$request_uri;
    #   (the fixed name avoids redirecting to a client-supplied Host)
    listen 80;

    # NOTE:
    # - Comment out this line if you have no IPv6
    listen [::]:80;

    # NOTE:
    # - these are the same two files the HTTPS server block in this file
    #   writes to, so HTTP and HTTPS requests end up interleaved
    access_log /var/log/nginx/merchant.log;
    error_log /var/log/nginx/merchant.err;

    location / {
        # Hand every request to the merchant backend over its unix socket.
        proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock;
        proxy_redirect off;

        # NOTE:
        # - $host may be taken from the client's request, whereas
        #   X-Forwarded-Host below is pinned to the configured name
        # - NOTE(review): which of the two the backend relies on is not
        #   visible in this file - confirm
        proxy_set_header Host $host;

        # NOTE:
        # - put your actual DNS name here
        proxy_set_header X-Forwarded-Host "%%your.domain%%";

        # NOTE:
        # - tells the backend the client connected over plain HTTP;
        #   keep it in sync with the listener of this block
        proxy_set_header X-Forwarded-Proto "http";
    }
}

server {
    # NOTE:
    # - replace with your actual server name
    server_name %%your.domain%%;

    # NOTE:
    # - This block provides the TLS/HTTPS configuration
    # - no ssl_protocols or ssl_ciphers are set here, so the defaults of
    #   the installed nginx apply; check that they match your policy
    # - no Strict-Transport-Security header is added here; consider one
    #   once port 80 only forwards to HTTPS
    listen 443 ssl;
    listen [::]:443 ssl;

    # NOTE:
    # - paths follow the /etc/letsencrypt/live/<name>/ layout; replace the
    #   placeholder with the same name used for server_name
    # - keep privkey.pem readable only by the account nginx starts as
    ssl_certificate /etc/letsencrypt/live/%%your.domain%%/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/%%your.domain%%/privkey.pem;

    # NOTE:
    # - these are the same two files the HTTP server block in this file
    #   writes to, so HTTP and HTTPS requests end up interleaved
    access_log /var/log/nginx/merchant.log;
    error_log /var/log/nginx/merchant.err;

    location / {
        # TLS ends at nginx; the request continues to the merchant backend
        # over its local unix socket.
        proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock;
        proxy_redirect off;

        # NOTE:
        # - $host may be taken from the client's request, whereas
        #   X-Forwarded-Host below is pinned to the configured name
        # - NOTE(review): which of the two the backend relies on is not
        #   visible in this file - confirm
        proxy_set_header Host $host;

        # NOTE:
        # - put your actual DNS name here
        proxy_set_header X-Forwarded-Host "%%your.domain%%";

        # NOTE:
        # - tells the backend the client connected over HTTPS;
        #   keep it in sync with the listener of this block
        proxy_set_header X-Forwarded-Proto "https";
    }
}