server { listen 80; server_name {{ instance.name }}; {% if instance.alias is defined %} {% for alias in instance.alias %} server_name {{ alias }}; {% endfor %} {% endif %} include snippets/letsencrypt.conf; location / { return 301 https://$http_host$request_uri; } } server { listen 443 ssl http2; server_name {{ instance.name }}; ssl_certificate /var/lib/dehydrated/certs/{{ instance.name }}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.name }}/privkey.pem; include /etc/nginx/proxy_params; add_header Referrer-Policy $referrerpolicy; add_header Strict-Transport-Security $sts; add_header X-Content-Type-Options $xcontentoptions; add_header X-XSS-Protection $xxssprotection; location ~ /.well-known/(carddav|caldav) { return 301 $scheme://$host/remote.php/dav; } location ~ \.* { proxy_pass http://{{ inventory_hostname }}:80; } } {% if instance.alias is defined %} {% for alias in instance.alias %} server { listen 443 ssl http2; server_name {{ alias }}; ssl_certificate /var/lib/dehydrated/certs/{{ alias }}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/{{ alias }}/privkey.pem; include /etc/nginx/proxy_params; add_header Referrer-Policy $referrerpolicy; add_header Strict-Transport-Security $sts; add_header X-Content-Type-Options $xcontentoptions; add_header X-XSS-Protection $xxssprotection; location ~ /.well-known/(carddav|caldav) { return 301 $scheme://$host/remote.php/dav; } location ~ \.* { proxy_pass http://{{ inventory_hostname }}:80; } } {% endfor %} {% endif %}