|
|
server {
|
|
|
# Base settings.
|
|
|
listen 80;
|
|
|
root {{ home }}/htdocs/;
|
|
|
index {{ index }};
|
|
|
server_name {{ fqdn }};
|
|
|
|
|
|
# HTTP (plaintext) configuration.
|
|
|
listen 80;
|
|
|
|
|
|
# HTTPS (TLS) configuration.
|
|
|
listen 443 ssl;
|
|
|
listen [::]:443 ssl;
|
|
|
ssl_certificate_key /etc/ssl/private/{{ https_tls_key | basename }};
|
|
|
ssl_certificate /etc/ssl/certs/{{ https_tls_certificate | basename }};
|
|
|
|
|
|
{% if rewrites -%}
|
|
|
# Generic URL rewrites.
|
|
|
{% for rewrite in rewrites -%}
|
|
|
rewrite {{ rewrite }};
|
|
|
{% endfor -%}
|
|
|
{% endif %}
|
|
|
|
|
|
{% if deny_files_regex -%}
|
|
|
# Deny access to user-specified files.
|
|
|
{% for regex in deny_files_regex -%}
|
|
|
location ~ {{ regex }} {
|
|
|
deny all;
|