server { server_name {{ vhost.server_names | join(' ') }}; listen 443 ssl; listen [::]:443 ssl; ssl_certificate /etc/ssl/certs/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.fullchain.pem; ssl_certificate_key /etc/ssl/private/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.key.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; "; charset utf-8; {% if vhost.try_files is defined %} try_files {{ vhost.try_files }}; {% endif %} {% if vhost.locations is defined %} {% for loc in vhost.locations %} location {{ loc.location }} { {% if loc.proxy_pass is defined %} proxy_pass {{ loc.proxy_pass }}; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; {% endif %} {% if loc.alias is defined %} alias {{ loc.alias }}; {% endif %} {% if loc.try_files is defined %} try_files {{ loc.try_files }}; {% endif %} {% if loc.redirect is defined %} return 301 {{ loc.redirect }}; {% endif %} } {% endfor %} {% endif %} {% if vhost.root is defined %} root {{ vhost.root }}; {% endif %} {% if vhost.custom is defined %} {{ vhost.custom }} {% endif %} } server { listen 80; listen [::]:80; server_name {{ vhost.server_names | join(' ') }}; location /.well-known/acme-challenge { default_type "text/plain"; root /var/www/default; } location / { return 301 https://$host$request_uri; } }