server {
    listen       80;
    server_name  _;
    return 301 https://$host$request_uri;
}

server {
    listen       443 default_server ssl http2;
    server_name  _;

    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_dhparam         /etc/ssl/certs/dhparam.pem;
    ssl_ecdh_curve      secp384r1;
    ssl_certificate     /etc/ssl/certs/tea_bundle.crt;
    ssl_certificate_key /etc/ssl/certs/tea.key;
    ssl_session_cache   shared:MozSSL:10m;
    ssl_session_timeout 1d;
    ssl_prefer_server_ciphers on;

    location / {
        root   /var/www/TeaWeb;
        index  index.html;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    gzip          off;
}