Use template mechanism of nginx image
diff --git a/nginx/Dockerfile.entrypoint b/nginx/Dockerfile.entrypoint
index 34e10f1..2af13cb 100644
--- a/nginx/Dockerfile.entrypoint
+++ b/nginx/Dockerfile.entrypoint
@@ -14,11 +14,7 @@
         cp /etc/ssl/certs/sa-selfsigned.crt ${live}/${domain}/cert.pem
     fi
 
-    for f in /etc/nginx/conf.d/sa.conf; do
-        sed "s/miau.local/${domain}/" ${f}.template >${f}
-    done
+    chmod -R go-w /etc/nginx/certs/live/
 }
 
-chmod -R a-w /etc/nginx/certs/ /etc/nginx/conf.d/sa.conf
-
 exec /docker-entrypoint.sh "$@"
diff --git a/nginx/id.sa.conf b/nginx/id.sa.conf
index 9dbac41..b64cc7d 100644
--- a/nginx/id.sa.conf
+++ b/nginx/id.sa.conf
@@ -2,7 +2,7 @@
     listen 443 ssl;
     listen [::]:443 ssl;
 
-    server_name id.miau.local;
+    server_name id.${SA_PUBLIC_DOMAIN_NAME};
 
     location /auth/ {   # Gerrit adds this prefix for Keycloak...
         rewrite ^/auth(.*)$ $1 last;
diff --git a/nginx/review.sa.conf b/nginx/review.sa.conf
index b5c826d..f25213c 100644
--- a/nginx/review.sa.conf
+++ b/nginx/review.sa.conf
@@ -4,7 +4,7 @@
     listen 443 ssl;
     listen [::]:443 ssl;
 
-    server_name review.miau.local;
+    server_name review.${SA_PUBLIC_DOMAIN_NAME};
 
     location / {
         proxy_pass        http://gerrit:8080;
diff --git a/nginx/sa.conf b/nginx/sa.conf
index f0cb923..56262ae 100644
--- a/nginx/sa.conf
+++ b/nginx/sa.conf
@@ -14,8 +14,8 @@
 server {
     listen 443 ssl default_server;
     listen [::]:443 ssl default_server;
-    ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
-    ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
+    ssl_certificate /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/privkey.pem;
     ssl_protocols TLSv1.3;
     ssl_prefer_server_ciphers on;
     #ssl_dhparam /etc/nginx/dhparam.pem;