|
|
- server {
- listen 80;
- listen [::]:80;
- server_name {{ $domain }}@if ($redirect_www) www.{{ $domain }}@endif;
- return 301 https://{{ $domain }}$request_uri;
- }
-
- @if ($redirect_www)
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- ssl_certificate /etc/letsencrypt/live/www.{{ $domain }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/www.{{ $domain }}/privkey.pem;
-
- include /etc/nginx/snippets/ssl-params.conf;
- include /etc/nginx/snippets/secure-headers.conf;
-
- server_name www.{{ $domain }};
- return 301 https://{{ $domain }}$request_uri;
- }
- @endif
-
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- ssl_certificate /etc/letsencrypt/live/{{ $domain }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ $domain }}/privkey.pem;
-
- include /etc/nginx/snippets/ssl-params.conf;
- include /etc/nginx/snippets/secure-headers.conf;
-
- add_header Content-Security-Policy "
- default-src 'self';
- font-src 'self';
- style-src 'self';
- img-src 'self';
- base-uri 'self';
- form-action 'self';
- frame-ancestors 'self';
- ";
-
- @include('partials.default', ['domain' => $domain])
-
- @yield('server')
- }
|
