server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    
    ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/ssl/dhparams.pem;
    
    server_name element.example.com;
    
    location / {
        if ($scheme = http) {
            return 301 https://$host$request_uri;
    	}
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "frame-ancestors 'self'";
    }
    
    root /usr/share/element-web;
    index index.html;
    
    access_log /var/log/nginx/element-access.log;
    error_log /var/log/nginx/element-error.log;
}