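# nginx virtual host template (Jinja2): a plaintext-to-HTTPS redirect and a
# TLS-enabled PHP site. Template values (additional config, rewrites, deny
# regexes, indicator text) are written into the configuration verbatim, so
# they must come from trusted inventory only.
server {
    # HTTP (plaintext) configuration. IPv6 is covered as well so that IPv6
    # clients get the same redirect as IPv4 clients.
    listen 80;
    listen [::]:80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS. The target is the configured
    # name rather than the client-supplied Host header, so the redirect cannot
    # point elsewhere if this block ends up as the default server for port 80.
    return 301 https://{{ fqdn }}$request_uri;
}

server {
    # Base settings.
    root {{ home }}/htdocs/;
    index {{ index }};
    server_name {{ fqdn }};

    # HTTPS (TLS) configuration.
    # NOTE(review): no ssl_protocols or ssl_ciphers are set here; presumably
    # they are defined globally in nginx.conf - confirm.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once. "always" also sends it on error responses.
    # includeSubDomains applies the policy to every subdomain, so all of them
    # must be reachable over HTTPS. A location that declares its own add_header
    # no longer inherits this one and has to repeat it.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {% if rewrites -%}
    # Generic URL rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if deny_files_regex -%}
    # Deny access to user-specified files.
    {% for regex in deny_files_regex -%}
    location ~ {{ regex }} {
        deny all;
    }
    {% endfor -%}
    {% endif %}

    # Interpret PHP files via FastCGI. nginx uses the first regex location that
    # matches, so the deny rules above win only because they are declared
    # earlier; keep that order.
    # NOTE(review): snippets/fastcgi-php.conf is not shown here; presumably it
    # rejects script names that do not exist on disk - confirm.
    location ~ {{ php_file_regex }} {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/{{ fqdn }}.sock;
    }

    # Serve the files. Missing paths go to the PHP rewrite rules when they are
    # configured, otherwise they return 404.
    location ~ /(.+) {
        try_files $uri $uri/{% if php_rewrite_urls %} @php_rewrite{% else %} =404{% endif %};
    }

    {% if php_rewrite_urls -%}
    # Apply URL rewrites.
    location @php_rewrite {
        {% for rewrite in php_rewrite_urls %}
        rewrite {{ rewrite }};
        {% endfor -%}
    }
    {% endif -%}

    {% if environment_indicator -%}
    # Show environment indicator on HTML pages.
    # NOTE(review): the match string below is empty and the replacement has no
    # markup around the text; the original HTML was presumably lost - confirm
    # against the upstream template. The indicator text is placed unescaped
    # inside a double-quoted nginx string and then into served HTML, so it must
    # not contain double quotes or untrusted markup.
    sub_filter_types text/html;
    sub_filter_once on;
    sub_filter "" "
{{ environment_indicator.text }}
";
    {% endif -%}

    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}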