Optimize template
This commit is contained in:
parent
9da17568e9
commit
d67ccd82fa
|
|
@ -2,10 +2,10 @@
|
|||
{{ before_server }}
|
||||
{% endif %}
|
||||
server {
|
||||
{% if nginx_listen80 is defined -%}
|
||||
{{ nginx_listen80 }}
|
||||
{% if nginx_listen80 is defined %}
|
||||
{{ nginx_listen80 }}
|
||||
{% else %}
|
||||
listen 80;
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
{% endif %}
|
||||
{% if proxy_protocol is defined %}
|
||||
|
|
@ -28,26 +28,26 @@ server {
|
|||
# enforce https
|
||||
return 301 https://$server_name:443$request_uri;
|
||||
}
|
||||
{% if unsecure_server is defined %}
|
||||
{{ unsecure_server }}
|
||||
{% endif %}
|
||||
{% if unsecure_server is defined -%}
|
||||
{{ unsecure_server | indent(4) }}
|
||||
{%- endif %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if nginx_acme_challenge is defined %}
|
||||
{{ nginx_acme_challenge }}
|
||||
{% else %}
|
||||
{%- else %}
|
||||
root /var/www/acme;
|
||||
{% endif %}
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
{% if nginx_listen443 is defined -%}
|
||||
{{ nginx_listen443 }}
|
||||
{% if nginx_listen443 is defined %}
|
||||
{{ nginx_listen443 }}
|
||||
{% else %}
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
{% endif %}
|
||||
server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %};
|
||||
server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %};
|
||||
{% if proxy_protocol is defined %}
|
||||
|
||||
listen 442 ssl http2 proxy_protocol;
|
||||
|
|
@ -63,30 +63,30 @@ server {
|
|||
port_in_redirect off;
|
||||
{% endif %}
|
||||
|
||||
{% if ssl_certificate is defined %}
|
||||
{{ ssl_certificate }}
|
||||
{% else %}
|
||||
{% if ssl_certificate is defined -%}
|
||||
{{ ssl_certificate | indent(4) }}
|
||||
{% else -%}
|
||||
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
|
||||
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
|
||||
{% endif %}
|
||||
|
||||
add_header X-XSS-Protection "0";
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
|
||||
{% if headers is defined %}{{ headers }}{% endif %}
|
||||
{%+ if headers is defined %}{{ headers }}{% endif %}
|
||||
|
||||
{% if server %}
|
||||
{% if server -%}
|
||||
{{ server | indent(4) }}
|
||||
{% endif %}
|
||||
{%- endif %}
|
||||
}
|
||||
{% if redirect_to_first is defined and redirect_to_first and domains|length > 1 %}
|
||||
server {
|
||||
{% if nginx_listen443 is defined -%}
|
||||
{{ nginx_listen443 }}
|
||||
{% else %}
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
{% endif %}
|
||||
server_name {{ domains[1:] | join(' ') }};
|
||||
server_name {{ domains[1:] | join(' ') }};
|
||||
{% if proxy_protocol is defined %}
|
||||
|
||||
listen 442 ssl http2 proxy_protocol;
|
||||
|
|
@ -105,7 +105,7 @@ server {
|
|||
{% if ssl_certificate is defined %}
|
||||
{{ ssl_certificate }}
|
||||
{% else %}
|
||||
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
|
||||
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
|
||||
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
|
||||
{% endif %}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue