geo $whitelisted {
  default 0;
  192.168.1.0/24 1;
}

server {
  modsecurity on;
  modsecurity_rules_file /etc/nginx/modsec_includes.conf;

  listen 80;
  server_name {{ parts_server_name }};

  location '/.well-known/acme-challenge' {
   default_type "text/plain";
   root /srv/http/letsencrypt;
  }

  location / {
   return 302 https://$host$request_uri;
  }
}