Split nginx' sa.conf
diff --git a/nginx/id.sa.conf b/nginx/id.sa.conf
new file mode 100644
index 0000000..9dbac41
--- /dev/null
+++ b/nginx/id.sa.conf
@@ -0,0 +1,16 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name id.miau.local;
+
+    location /auth/ {   # Gerrit adds this prefix for Keycloak...
+        rewrite ^/auth(.*)$ $1 last;
+    }
+
+    location / {
+        proxy_pass          http://keycloak:8080;
+        proxy_set_header    X-Forwarded-For $remote_addr;
+        proxy_set_header    Host $host;
+    }
+}
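Review bot: The `server` block for id.miau.local now stands alone in id.sa.conf with no `ssl_certificate` and no `add_header` lines, so the file does not show where its TLS certificate or response headers come from. Presumably the certificate is still picked up from the `default_server` block in sa.conf, as before the split. A comment above `listen 443 ssl;` such as `# TLS certificate is inherited from the default_server block in sa.conf` would record that dependency. The `add_header X-Frame-Options DENY;` group in sa.conf sits inside a different `server` block and does not apply to this host. If nginx is meant to set those headers on the Keycloak login pages, they need to be declared in this block or at `http` level.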
diff --git a/nginx/review.sa.conf b/nginx/review.sa.conf
new file mode 100644
index 0000000..b5c826d
--- /dev/null
+++ b/nginx/review.sa.conf
@@ -0,0 +1,25 @@
+proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name review.miau.local;
+
+    location / {
+        proxy_pass        http://gerrit:8080;
+        proxy_set_header  X-Forwarded-For $remote_addr;
+        proxy_set_header  Host $host;
+
+        location ~ ^/(bower_components|elements|fonts|styles)/ {
+            proxy_pass              http://gerrit:8080;
+            proxy_set_header        X-Forwarded-For $remote_addr;
+            proxy_set_header        Host $host;
+            proxy_cache             GERRIT;
+            proxy_cache_valid       200 1h;
+            proxy_cache_use_stale   error timeout invalid_header updating http_500 http_503;
+            # Gerrit bug sets `private`, hence the whole location override:
+            proxy_ignore_headers    Cache-Control;
+        }
+    }
+}
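Review bot: review.miau.local loses the response headers it had before the split. In the old sa.conf this `server_name` sat inside the `default_server` block, and that block's `add_header X-Frame-Options DENY;`, `add_header X-Content-Type-Options nosniff;` and `add_header X-XSS-Protection "1; mode=block";` lines stay behind in sa.conf; `add_header` is not shared between sibling `server` blocks. Repeat those three lines in this block, or move them to `http` level or a shared include that both files pull in. The part of the old block between `ssl_certificate` and the headers is not shown in the diff, so check it for other settings the Gerrit host still needs. The remaining `default_server` block has no `server_name` or `location` visible here, which looks like an intended catch-all but is worth confirming.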
diff --git a/nginx/sa.conf b/nginx/sa.conf
index 1978248..f0cb923 100644
--- a/nginx/sa.conf
+++ b/nginx/sa.conf
@@ -1,5 +1,3 @@
-proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;
-
 server {
     listen 80;
     listen [::]:80;
@@ -14,23 +12,6 @@
 }
 
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    server_name id.miau.local;
-
-    location /auth/ {   # Gerrit adds this prefix for Keycloak...
-        rewrite ^/auth(.*)$ $1 last;
-    }
-
-    location / {
-        proxy_pass          http://keycloak:8080;
-        proxy_set_header    X-Forwarded-For $remote_addr;
-        proxy_set_header    Host $host;
-    }
-}
-
-server {
     listen 443 ssl default_server;
     listen [::]:443 ssl default_server;
     ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
@@ -53,23 +34,4 @@
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";
-
-    server_name review.miau.local;
-
-    location / {
-        proxy_pass        http://gerrit:8080;
-        proxy_set_header  X-Forwarded-For $remote_addr;
-        proxy_set_header  Host $host;
-
-        location ~ ^/(bower_components|elements|fonts|styles)/ {
-            proxy_pass              http://gerrit:8080;
-            proxy_set_header        X-Forwarded-For $remote_addr;
-            proxy_set_header        Host $host;
-            proxy_cache             GERRIT;
-            proxy_cache_valid       200 1h;
-            proxy_cache_use_stale   error timeout invalid_header updating http_500 http_503;
-            # Gerrit bug sets `private`, hence the whole location override:
-            proxy_ignore_headers    Cache-Control;
-        }
-    }
 }