server {
        listen 80;
        server_name {{ nextcloud_domain }};
        include snippets/letsencrypt.conf;
        location / { return 301 https://$http_host$request_uri; }
}

server {
        server_name {{ nextcloud_domain }};
        listen 443 ssl http2;
        ssl_certificate /var/lib/dehydrated/certs/{{ nextcloud_domain }}/fullchain.pem;
        ssl_certificate_key /var/lib/dehydrated/certs/{{ nextcloud_domain }}/privkey.pem;
        include /etc/nginx/proxy_params;
        add_header Referrer-Policy $referrerpolicy;
        add_header Strict-Transport-Security $sts;
        add_header X-Content-Type-Options $xcontentoptions;
        add_header X-XSS-Protection $xxssprotection;
#        include /etc/nginx/snippets/hpkp.conf;

        location ~ /.well-known/(carddav|caldav) {
                return 301 $scheme://$host/remote.php/dav;
        }

        location ~ \.* {
                proxy_pass http://{{ inventory_hostname }}:80;
        }
}