ansible-role-nextcloud/templates/nginx_site.j2

55 lines
1.8 KiB
Django/Jinja

server {
listen 80;
server_name {{ instance.name }};
{% if instance.alias is defined %}
{% for alias in instance.alias %}
server_name {{ alias }};
{% endfor %}
{% endif %}
include snippets/letsencrypt.conf;
location / { return 301 https://$http_host$request_uri; }
}
server {
listen 443 ssl http2;
server_name {{ instance.name }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.name }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.name }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% if instance.alias is defined %}
{% for alias in instance.alias %}
server {
listen 443 ssl http2;
server_name {{ alias }};
ssl_certificate /var/lib/dehydrated/certs/{{ alias }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ alias }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% endfor %}
{% endif %}