# Keep this sorted alphabetically, please!
map $host $upstream_acme_challenge_host {
    branding-resources.hamburg.ccc.de 172.31.17.151:31820;
    c3cat.de 172.31.17.151:31820;
    ccchoir.de ccchoir-intern.hamburg.ccc.de:31820;
    www.ccchoir.de ccchoir-intern.hamburg.ccc.de:31820;
    cloud.hamburg.ccc.de 172.31.17.143:31820;
    element.hamburg.ccc.de 172.31.17.151:31820;
    git.hamburg.ccc.de 172.31.17.154:31820;
    grafana.hamburg.ccc.de 172.31.17.145:31820;
    hackertours.hamburg.ccc.de 172.31.17.148:31820;
    hamburg.ccc.de 172.31.17.151:31820;
    id.hamburg.ccc.de 172.31.17.144:31820;
    invite.hamburg.ccc.de 172.31.17.144:31820;
    keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
    matrix.hamburg.ccc.de 172.31.17.150:31820;
    netbox.hamburg.ccc.de 172.31.17.149:31820;
    onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
    pad.hamburg.ccc.de 172.31.17.141:31820;
    spaceapi.hamburg.ccc.de 172.31.17.151:31820;
    staging.hamburg.ccc.de 172.31.17.151:31820;
    wiki.ccchh.net 172.31.17.146:31820;
    wiki.hamburg.ccc.de 172.31.17.146:31820;
    www.hamburg.ccc.de 172.31.17.151:31820;
    zammad.hamburg.ccc.de 172.31.17.152:31820;
    eh03.easterhegg.eu 172.31.17.151:31820;
    eh05.easterhegg.eu 172.31.17.151:31820;
    eh07.easterhegg.eu 172.31.17.151:31820;
    eh09.easterhegg.eu 172.31.17.151:31820;
    eh11.easterhegg.eu 172.31.17.151:31820;
    eh22.easterhegg.eu 172.31.17.159:31820;
    easterheggxxxx.hamburg.ccc.de 172.31.17.151:31820;
    eh2003.hamburg.ccc.de 172.31.17.151:31820;
    www.eh2003.hamburg.ccc.de 172.31.17.151:31820;
    easterhegg2003.hamburg.ccc.de 172.31.17.151:31820;
    www.easterhegg2003.hamburg.ccc.de 172.31.17.151:31820;
    eh2005.hamburg.ccc.de 172.31.17.151:31820;
    www.eh2005.hamburg.ccc.de 172.31.17.151:31820;
    easterhegg2005.hamburg.ccc.de 172.31.17.151:31820;
    www.easterhegg2005.hamburg.ccc.de 172.31.17.151:31820;
    eh2007.hamburg.ccc.de 172.31.17.151:31820;
    www.eh2007.hamburg.ccc.de 172.31.17.151:31820;
    eh07.hamburg.ccc.de 172.31.17.151:31820;
    www.eh07.hamburg.ccc.de 172.31.17.151:31820;
    easterhegg2007.hamburg.ccc.de 172.31.17.151:31820;
    www.easterhegg2007.hamburg.ccc.de 172.31.17.151:31820;
    eh2009.hamburg.ccc.de 172.31.17.151:31820;
    www.eh2009.hamburg.ccc.de 172.31.17.151:31820;
    eh09.hamburg.ccc.de 172.31.17.151:31820;
    www.eh09.hamburg.ccc.de 172.31.17.151:31820;
    easterhegg2009.hamburg.ccc.de 172.31.17.151:31820;
    www.easterhegg2009.hamburg.ccc.de 172.31.17.151:31820;
    eh2011.hamburg.ccc.de 172.31.17.151:31820;
    www.eh2011.hamburg.ccc.de 172.31.17.151:31820;
    eh11.hamburg.ccc.de 172.31.17.151:31820;
    www.eh11.hamburg.ccc.de 172.31.17.151:31820;
    easterhegg2011.hamburg.ccc.de 172.31.17.151:31820;
    www.easterhegg2011.hamburg.ccc.de 172.31.17.151:31820;
    hacker.tours 172.31.17.151:31820;
    staging.hacker.tours 172.31.17.151:31820;
    woodpecker.hamburg.ccc.de 172.31.17.160:31820;
    design.hamburg.ccc.de 172.31.17.162:31820;
    default "";
}

server {
    listen 80 default_server;
    resolver 212.12.50.158 192.76.134.90;

    location /.well-known/acme-challenge/ {
        proxy_pass http://$upstream_acme_challenge_host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This is http in any case.
        proxy_set_header X-Forwarded-Proto http;
    }

    # Better safe than sorry.
    # Don't do a permanent redirect to avoid acme challenge pain (even tho 443
    # still should work).
    location / {
        return 307 https://$host$request_uri;
    }
}