57 lines
1.3 KiB
Text
57 lines
1.3 KiB
Text
|
# Generated by ansible for site {{ item.url }}
|
||
|
# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
|
||
|
|
||
|
server {
|
||
|
listen 80;
|
||
|
listen [::]:80;
|
||
|
server_name {{ item.url }} www.{{ item.url }};
|
||
|
|
||
|
# Let's Encrypt
|
||
|
include snippets/letsencrypt.conf;
|
||
|
|
||
|
location / {
|
||
|
{% if item.redirect_to_www %}
|
||
|
return 301 https://www.{{ item.url }}$request_uri;
|
||
|
{% else %}
|
||
|
return 301 https://{{ item.url }}$request_uri;
|
||
|
{% endif %}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 443 ssl;
|
||
|
listen [::]:443 ssl;
|
||
|
server_name {{ item.url }} www.{{ item.url }};
|
||
|
|
||
|
access_log /var/log/nginx/{{ item.slug }}-access.log;
|
||
|
error_log /var/log/nginx/error.log;
|
||
|
|
||
|
{% if item.redirect_to_www %}
|
||
|
# Redirect non-www to www
|
||
|
if ($host = {{ item.url }}) {
|
||
|
rewrite ^ https://www.{{ item.url }}$request_uri permanent;
|
||
|
}
|
||
|
{% else %}
|
||
|
# Redirect www to non-www
|
||
|
if ($host = www.{{ item.url }}) {
|
||
|
rewrite ^ https://{{ item.url }}$request_uri permanent;
|
||
|
}
|
||
|
{% endif %}
|
||
|
|
||
|
# Let's Encrypt
|
||
|
include snippets/letsencrypt.conf;
|
||
|
|
||
|
include snippets/ssl-params.conf;
|
||
|
ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
|
||
|
ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
|
||
|
|
||
|
include snippets/header-params_server.conf;
|
||
|
location / {
|
||
|
include snippets/header-params_location.conf;
|
||
|
|
||
|
proxy_pass http://{{ item.subnet_site_ip }}:80;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|