Diffstat (limited to 'roles/nginx/vhost/templates/tls-only.conf.j2')
-rw-r--r-- | roles/nginx/vhost/templates/tls-only.conf.j2 | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/roles/nginx/vhost/templates/tls-only.conf.j2 b/roles/nginx/vhost/templates/tls-only.conf.j2
new file mode 100644
index 00000000..122e2f4f
--- /dev/null
+++ b/roles/nginx/vhost/templates/tls-only.conf.j2
@@ -0,0 +1,27 @@
+server {
+{% for listen in (nginx_vhost.tls.listen | default(['443', '[::]:443'])) %}
+ listen {{ listen }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+{% endfor %}
+ server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }};
+
+{% if 'logs' in nginx_vhost %}
+{% if 'access' in nginx_vhost.logs %}
+ access_log {{ nginx_vhost.logs.access }};
+{% endif %}
+{% if 'error' in nginx_vhost.logs %}
+ error_log {{ nginx_vhost.logs.error }};
+{% endif %}
+
+{% endif %}
+{% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %}
+ include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf;
+{% endif %}
+ include snippets/tls{% if 'variant' in nginx_vhost.tls %}-{{ nginx_vhost.tls.variant }}{% endif %}.conf;
+ ssl_certificate {{ x509_certificate_path_fullchain }};
+ ssl_certificate_key {{ x509_certificate_path_key }};
+{% if 'hsts' not in nginx_vhost.tls or nginx_vhost.tls.hsts %}
+ include snippets/hsts.conf;
+{% endif %}
+
+{% include 'includes/body.j2' %}
+}	|
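Review bot: `nginx_vhost.tls.variant` is spliced into the `include snippets/tls…conf;` path with no check against the variants the role actually ships. A misspelled or unexpected value is only caught when nginx parses the rendered file, and this include presumably selects the protocol and cipher settings for the vhost. Validating it before the template task would fail the play early, for example an `assert` that `nginx_vhost.tls.variant` is in a role-defined list (placeholder name: `nginx_tls_variants`). The same applies to `nginx_vhost.logs.*` and `nginx_vhost.hostnames`, which land in directives unquoted, so a value containing a space or `;` changes the directive. Separately, `certificate_provider` is compared without the `in` guard used for `variant`, `hsts` and `logs`, so an unset key likely aborts rendering; `nginx_vhost.tls.certificate_provider | default('')` would make that explicit, and a short header comment listing the expected `nginx_vhost.tls` keys and the origin of `x509_certificate_path_*` would help.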