server { {% for listen in (nginx_vhost.listen | default(['80', '[::]:80'])) %} listen {{ listen }}{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' ~ nginx_vhost.name ~ '_access.log') }}; error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' ~ nginx_vhost.name ~ '_error.log') }}; {% if 'tls' in nginx_vhost %} {% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %} include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf; {% endif %} location / { return 301 https://$host$request_uri; } } server { {% for listen in (nginx_vhost.tls.listen | default(['443', '[::]:443'])) %} listen {{ listen }} ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; {% endfor %} server_name {{ nginx_vhost.hostnames | default(['_']) | join(' ') }}; access_log {{ nginx_vhost.logs.access | default('/var/log/nginx/' ~ nginx_vhost.name ~ '_access.log') }}; error_log {{ nginx_vhost.logs.error | default('/var/log/nginx/' ~ nginx_vhost.name ~ '_error.log') }}; {% if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %} include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf; {% endif %} include snippets/tls{% if 'variant' in nginx_vhost.tls %}-{{ nginx_vhost.tls.variant }}{% endif %}.conf; ssl_certificate {{ x509_certificate_path_fullchain }}; ssl_certificate_key {{ x509_certificate_path_key }}; {% if 'hsts' not in nginx_vhost.tls or nginx_vhost.tls.hsts %} include snippets/hsts.conf; {% endif %} {% endif %} {% include 'includes/body.j2' %} }