server { listen 80; listen [::]:80; server_name {{ $domain }}@if ($redirect_www) www.{{ $domain }}@endif; return 301 https://{{ $domain }}$request_uri; } @if ($redirect_www) server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/letsencrypt/live/www.{{ $domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.{{ $domain }}/privkey.pem; include /etc/nginx/snippets/ssl-params.conf; include /etc/nginx/snippets/secure-headers.conf; server_name www.{{ $domain }}; return 301 https://{{ $domain }}$request_uri; } @endif server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate /etc/letsencrypt/live/{{ $domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ $domain }}/privkey.pem; include /etc/nginx/snippets/ssl-params.conf; include /etc/nginx/snippets/secure-headers.conf; @include('partials.default', ['domain' => $domain]) @yield('server') }