ansible-role-nextcloud/templates/nginx_site.j2
2020-12-03 14:52:14 +00:00

27 lines
No EOL
971 B
Django/Jinja

server {
listen 80;
server_name {{ nextcloud_domain }};
include snippets/letsencrypt.conf;
location / { return 301 https://$http_host$request_uri; }
}
server {
server_name {{ nextcloud_domain }};
listen 443 ssl http2;
ssl_certificate /var/lib/dehydrated/certs/{{ nextcloud_domain }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ nextcloud_domain }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
# include /etc/nginx/snippets/hpkp.conf;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}