27 lines
653 B
Django/Jinja
27 lines
653 B
Django/Jinja
## Managed by Ansible ##
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name {{ webserver_domain }} www.{{ webserver_domain }};
|
|
# enforce https
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
server {
|
|
# Enable HTTP/2
|
|
listen 443 ssl http2 default_server;
|
|
listen [::]:443 ssl http2 default_server;
|
|
server_name {{ webserver_domain }} www.{{ webserver_domain }};
|
|
|
|
include global/cert.conf;
|
|
include global/header.conf;
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
|
|
# deny access and return teapot
|
|
location / {
|
|
deny all;
|
|
return 418;
|
|
}
|
|
} |