Add immich and switch to nginx-acme

nginx/sites-enabled/jellyseerr

@@ -1,18 +1,3 @@
-server {
-    listen 80;
-    listen [::]:80;
-    server_name jellyseerr.loadingm.xyz;
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
-
-    # Uncomment to redirect HTTP to HTTPS
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}
-
 server {
     # Nginx versions 1.25+
     listen 443 ssl;
@@ -20,26 +5,20 @@ server {
     http2 on;
 
     server_name jellyseerr.loadingm.xyz;
+    acme_certificate      letsencrypt;
+    ssl_certificate       $acme_certificate; 
+    ssl_certificate_key   $acme_certificate_key; 
+    ssl_certificate_cache max=2;
 
     ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
     client_max_body_size 20M;
 
-    ssl_certificate /etc/letsencrypt/live/loadingm.xyz/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/loadingm.xyz/privkey.pem;
-    # include /etc/letsencrypt/options-ssl-nginx.conf;
-    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-    ssl_trusted_certificate /etc/letsencrypt/live/loadingm.xyz/chain.pem;
-
     # Security / XSS Mitigation Headers
     add_header X-Content-Type-Options "nosniff";
 
     # Permissions policy. May cause issues with some clients
     add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
 
-    location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
-
     # Content Security Policy
     # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
     # Enforces https content and restricts JS/CSS to origin