server {
    listen                     80;
    listen                     [::]:80;

    include                    /etc/nginx/location/*.conf;
}

server {
    listen                     443 ssl http2;
    listen                     [::]:443 ssl http2;

    add_header                 X-Xss-Protection 1;
    add_header                 X-Frame-Options DENY;
    add_header                 X-Content-Type-Options nosniff;

    ssl_prefer_server_ciphers  on;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                HIGH:!aNULL:!MD5;

    ssl_certificate            /etc/letsencrypt/live/dc3.site/fullchain.pem;
    ssl_certificate_key        /etc/letsencrypt/live/dc3.site/privkey.pem;

    include                    /etc/nginx/location/*.conf;
}