geo $whitelisted {
  default 0;
  192.168.1.0/24 1;
}

server {
  modsecurity on;
  modsecurity_rules_file {{ nginx_path }}/modsec_includes.conf;

  listen 80;
  server_name {{ parts_server_name }};

	location /.well-known {
		root /srv/http/letsencrypt;
		try_files $uri $uri/ =404;
	}

  location / {
	  return 302 https://$host$request_uri;
  }
}