## Managed by Ansible ##

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name {{ webserver_domain }} www.{{ webserver_domain }};
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    # Enable HTTP/2
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name {{ webserver_domain }} www.{{ webserver_domain }};

    include global/cert.conf;
    include global/header.conf;

    add_header Strict-Transport-Security "max-age=63072000" always;

    # deny access and return teapot
    location / {
        deny all;
        return 418;
    }
}