server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {{ $domain }}@if ($redirect_www) www.{{ $domain }}@endif;
|
|
return 301 https://{{ $domain }}$request_uri;
|
|
}
|
|
|
|
@if ($redirect_www)
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/www.{{ $domain }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/www.{{ $domain }}/privkey.pem;
|
|
|
|
include /etc/nginx/snippets/ssl-params.conf;
|
|
include /etc/nginx/snippets/secure-headers.conf;
|
|
|
|
server_name www.{{ $domain }};
|
|
return 301 https://{{ $domain }}$request_uri;
|
|
}
|
|
@endif
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ $domain }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ $domain }}/privkey.pem;
|
|
|
|
include /etc/nginx/snippets/ssl-params.conf;
|
|
include /etc/nginx/snippets/secure-headers.conf;
|
|
|
|
add_header Content-Security-Policy "
|
|
default-src 'self';
|
|
font-src 'self';
|
|
style-src 'self';
|
|
img-src 'self';
|
|
base-uri 'self';
|
|
form-action 'self';
|
|
frame-ancestors 'self';
|
|
";
|
|
|
|
@include('partials.default', ['domain' => $domain])
|
|
|
|
@yield('server')
|
|
}
|