diff options
Diffstat (limited to 'roles/elevate/media/templates/nextcloud-nginx.conf.j2')
-rw-r--r-- | roles/elevate/media/templates/nextcloud-nginx.conf.j2 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/roles/elevate/media/templates/nextcloud-nginx.conf.j2 b/roles/elevate/media/templates/nextcloud-nginx.conf.j2 index 0c39b4a1..50a0cdc5 100644 --- a/roles/elevate/media/templates/nextcloud-nginx.conf.j2 +++ b/roles/elevate/media/templates/nextcloud-nginx.conf.j2 @@ -6,6 +6,19 @@ server { listen 80; listen [::]:80; server_name {{ nextcloud_hostnames | join(' ') }}; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name cloud.example.com; + + include snippets/acmetool.conf; + include snippets/ssl.conf; + ssl_certificate /var/lib/acme/live/{{ nextcloud_hostnames[0] }}/fullchain; + ssl_certificate_key /var/lib/acme/live/{{ nextcloud_hostnames[0] }}/privkey; + include snippets/hsts.conf; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; @@ -78,6 +91,8 @@ server { location ~ \.(?:css|js|woff2?|svg|gif)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; + ## It is intended to have hsts duplicated to the one above + include snippets/hsts.conf; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; |