iac
/
ansible-role-nginx-config-svc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Optimize template

This commit is contained in:
nemunaire 2023-03-14 17:06:52 +01:00
parent 9da17568e9
commit d67ccd82fa
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
templates/nginx.conf.j2
View File

@ -2,7 +2,7 @@
{{ before_server }}
{% endif %}
server {
{% if nginx_listen80 is defined -%}
{% if nginx_listen80 is defined %}
{{ nginx_listen80 }}
{% else %}
listen 80;
@ -28,20 +28,20 @@ server {
# enforce https
return 301 https://$server_name:443$request_uri;
}
{% if unsecure_server is defined %}
{{ unsecure_server }}
{% endif %}
{% if unsecure_server is defined -%}
{{ unsecure_server | indent(4) }}
{%- endif %}
location /.well-known/acme-challenge {
{% if nginx_acme_challenge is defined %}
{{ nginx_acme_challenge }}
{% else %}
{%- else %}
root /var/www/acme;
{% endif %}
}
}
server {
{% if nginx_listen443 is defined -%}
{% if nginx_listen443 is defined %}
{{ nginx_listen443 }}
{% else %}
listen 443 ssl http2;
@ -63,20 +63,20 @@ server {
port_in_redirect off;
{% endif %}
{% if ssl_certificate is defined %}
{{ ssl_certificate }}
{% else %}
{% if ssl_certificate is defined -%}
{{ ssl_certificate | indent(4) }}
{% else -%}
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
{% endif %}
add_header X-XSS-Protection "0";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
{% if headers is defined %}{{ headers }}{% endif %}
{%+ if headers is defined %}{{ headers }}{% endif %}
{% if server %}
{% if server -%}
{{ server | indent(4) }}
{% endif %}
{%- endif %}
}
{% if redirect_to_first is defined and redirect_to_first and domains|length > 1 %}
server {
@ -105,7 +105,7 @@ server {
{% if ssl_certificate is defined %}
{{ ssl_certificate }}
{% else %}
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
{% endif %}