ansible-role-nextcloud/templates/nginx_site.j2

53 lines
No EOL
1.8 KiB
Django/Jinja

server {
listen 80;
{% if instance.alias is defined %}
server_name {{ instance.domain }};
server_name {{ instance.alias }};
{% else %}
server_name {{ instance.domain }};
{% endif %}
include snippets/letsencrypt.conf;
location / { return 301 https://$http_host$request_uri; }
}
server {
listen 443 ssl http2;
server_name {{ instance.domain }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% if instance.alias is defined %}
server {
listen 443 ssl http2;
server_name {{ instance.alias }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.alias }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.alias }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% endif %}