# # Default server (vhost) configuration. # server { # HTTP (plaintext) configuration. listen 80 default_server; listen [::]:80 default_server; # Set server_name to something that won't be matched (for default server). server_name _; # Redirect plaintext connections to HTTPS return 301 https://$host$request_uri; } server { # HTTPS (TLS) configuration. listen 443 ssl default_server; listen [::]:443 ssl default_server; ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key; ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem; # Set-up HSTS header for preventing downgrades for users that visited the # site via HTTPS at least once. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; # Set-up the serving of default page. root /var/www/default/; index index.html; # Set server_name to something that won't be matched (for default server). server_name _; location / { # Always point user to the same index page. try_files $uri /index.html; } {% if environment_indicator -%} # Show environment indicator on HTML pages. sub_filter_types text/html; sub_filter_once on; sub_filter "" "

🞀🞂

"; {% endif -%} }