Nginx: Virtual host and SSL + HTTP/2 before Varnish in port 8080 (backend is Apache2), redirecting from port 80 to port 443, map for normal 301 redirects

example.tld.conf

map_hash_bucket_size 256;

map $request_uri $new_uri {
	include /etc/nginx/snippets/includes/301.example.tld.map;
	}

server {
		listen <ip-address>:443 ssl http2;
		server_name example.tld www.example.tld;

		access_log   /var/log/nginx/access.log;
		error_log    /var/log/nginx/error.log;
		
		if ($host = example.tld) {
        		return 301 https://www.$host$request_uri;
    		}
		
		if ($new_uri != "") {
			return 301 $new_uri;
		}

		location / {
		proxy_pass http://127.0.0.1:8080;
		proxy_set_header X-Real-IP  $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;
		proxy_set_header X-Forwarded-Port 443;
		proxy_set_header Host $host;
		proxy_pass_header Server;
		}

    	ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem; # managed by Certbot
    	ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    listen <ip-address>:80;
    server_name example.tld www.example.tld;

    access_log   /var/log/nginx/access-80.log;
    error_log    /var/log/nginx/error-80.log;

    if ($host = www.example.tld) {
        return 301 https://$host$request_uri;
    }
    if ($host = example.tld) {
        return 301 https://www.$host$request_uri;
    }
    return 404;

}

For 301 redirects and map you need a "conf" like this:
~/some/thing/?$ /else/where/
~/some/thing/$ /else/where/
~/some/thing /else/where/

Remember:
~/ when case-sensitive
~*/ when no case-sensitive

Apache2 redirect starts urls mostly using ^ but Nginx needs ~/ or ~*/