26 lines
No EOL
919 B
Django/Jinja
26 lines
No EOL
919 B
Django/Jinja
server {
|
|
listen 80;
|
|
server_name {{ instance.domain }};
|
|
include snippets/letsencrypt.conf;
|
|
location / { return 301 https://$http_host$request_uri; }
|
|
}
|
|
|
|
server {
|
|
server_name {{ instance.domain }};
|
|
listen 443 ssl http2;
|
|
ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem;
|
|
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem;
|
|
include /etc/nginx/proxy_params;
|
|
add_header Referrer-Policy $referrerpolicy;
|
|
add_header Strict-Transport-Security $sts;
|
|
add_header X-Content-Type-Options $xcontentoptions;
|
|
add_header X-XSS-Protection $xxssprotection;
|
|
|
|
location ~ /.well-known/(carddav|caldav) {
|
|
return 301 $scheme://$host/remote.php/dav;
|
|
}
|
|
|
|
location ~ \.* {
|
|
proxy_pass http://{{ inventory_hostname }}:80;
|
|
}
|
|
} |