# Redirect HTTP traffic to HTTPS (both www and non-www)
server {
    listen 0.0.0.0:80;
    listen [::]:80;

    server_name mydomain.com www.mydomain.com;
    root /var/www/html/;  # Can probably omit completely
    
    # For Certbot challenges
    location /.well-known/acme-challenge/ {
      alias /var/www/html/.well-known/acme-challenge/;
    }

    # Permanent redirect to HTTPS version with www prefix
    return 301 https://www.mydomain.com$request_uri;
}