include /opt/ace/sites/default/config/global/*.conf;
server {
    listen 80;
    server_name localhost;
    index index.php index.html;
    root /opt/ace/sites/default/public;
    ssl_certificate /www/server/vhost/cert/default.pem;
    ssl_certificate_key /www/server/vhost/cert/default.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_early_data on;
    # error page
    error_page 404 /404.html;
    # custom configs
    include /opt/ace/sites/default/config/vhost/*.conf;
    # browser cache
    location ~ .*\.(bmp|jpg|jpeg|png|gif|svg|ico|tiff|webp|avif|heif|heic|jxl)$ {
        expires 30d;
        access_log /dev/null;
        error_log /dev/null;
    }
    location ~ .*\.(js|css|ttf|otf|woff|woff2|eot)$ {
        expires 6h;
        access_log /dev/null;
        error_log /dev/null;
    }
    # deny sensitive files
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.env) {
        return 404;
    }
    access_log /opt/ace/sites/default/log/access.log;
    error_log /opt/ace/sites/default/log/error.log;
}