--- dist/nginx.conf.orig	2023-09-21 14:51:32 UTC
+++ dist/nginx.conf
@@ -25,7 +25,7 @@ server {
   listen 80;
   listen [::]:80;
   server_name example.com;
-  root /home/mastodon/live/public;
+  root %%PREFIX%%/www/mastodon/public;
   location /.well-known/acme-challenge/ { allow all; }
   location / { return 301 https://$host$request_uri; }
 }
@@ -35,25 +35,25 @@ server {
   listen [::]:443 ssl http2;
   server_name example.com;
 
-  ssl_protocols TLSv1.2 TLSv1.3;
+  # ssl_protocols TLSv1.2 TLSv1.3;
 
   # You can use https://ssl-config.mozilla.org/ to generate your cipher set.
   # We recommend their "Intermediate" level.
-  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+  # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 
-  ssl_prefer_server_ciphers on;
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_tickets off;
+  # ssl_prefer_server_ciphers on;
+  # ssl_session_cache shared:SSL:10m;
+  # ssl_session_tickets off;
 
   # Uncomment these lines once you acquire a certificate:
-  # ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
-  # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+  # ssl_certificate     %%PREFIX%%/etc/ssl/example.com/fullchain.pem;
+  # ssl_certificate_key %%PREFIX%%/etc/ssl/example.com/key.pem;
 
   keepalive_timeout    70;
   sendfile             on;
   client_max_body_size 99m;
 
-  root /home/mastodon/live/public;
+  root %%PREFIX%%/www/mastodon/public;
 
   gzip on;
   gzip_disable "msie6";