diff options
Diffstat (limited to 'roles/nginx/vhost/templates/generic.conf.j2')
-rw-r--r-- | roles/nginx/vhost/templates/generic.conf.j2 | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2 index 5c7576e7..434fa679 100644 --- a/roles/nginx/vhost/templates/generic.conf.j2 +++ b/roles/nginx/vhost/templates/generic.conf.j2 @@ -3,9 +3,11 @@ server { listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; -{% if 'acme' in nginx_vhost and nginx_vhost.acme %} +{% if 'tls' in nginx_vhost %} +{% if nginx_vhost.tls.certificate_provider == 'acmetool' %} include snippets/acmetool.conf; +{% endif %} location / { return 301 https://$host$request_uri; } @@ -16,11 +18,15 @@ server { listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; +{% if nginx_vhost.tls.certificate_provider == 'acmetool' %} include snippets/acmetool.conf; - include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf; +{% endif %} + include snippets/tls{% if 'variant' in nginx_vhost.tls %}-{{ nginx_vhost.tls.variant }}{% endif %}.conf; ssl_certificate {{ x509_certificate_path_fullchain }}; ssl_certificate_key {{ x509_certificate_path_key }}; +{% if 'hsts' not in nginx_vhost.tls or nginx_vhost.tls.hsts %} include snippets/hsts.conf; +{% endif %} {% endif %} {% if 'extra_directives' in nginx_vhost %} |