server { listen 80; listen [::]:80; server_name {{ $domain }} @if ($redirect_www) www.{{ $domain }} @endif; return 301 https://{{ $domain }}$request_uri; } @if ($redirect_www) server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/letsencrypt/live/www.{{ $domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.{{ $domain }}/privkey.pem; include snippets/ssl-params.conf; include /etc/nginx/snippets/secure-headers.conf; server_name www.{{ $domain }}; return 301 https://{{ $domain }}$request_uri; } @endif server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/letsencrypt/live/{{ $domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ $domain }}/privkey.pem; add_header Content-Security-Policy " default-src 'self'; font-src 'self'; style-src 'self'; img-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; "; @include('partials.default', ['domain' => $domain]) @yield('server') }