{% macro zeitbild_backend_common() %} location / { proxy_pass http://localhost:{{var_zeitbild_backend_and_nginx_port | string}}; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } {% endmacro %} server { listen 80; listen [::]:80; server_name {{var_zeitbild_backend_and_nginx_domain}}; {% if var_zeitbild_backend_and_nginx_tls_mode == 'force' %} return 301 https://$http_host$request_uri; {% else %} {{ zeitbild_backend_common() }} {% endif %} } {% if var_zeitbild_backend_and_nginx_tls_mode != 'disable' %} server { listen 443 ssl; listen [::]:443 ssl; server_name {{var_zeitbild_backend_and_nginx_domain}}; ssl_certificate_key /etc/ssl/private/{{var_zeitbild_backend_and_nginx_domain}}.pem; ssl_certificate /etc/ssl/fullchains/{{var_zeitbild_backend_and_nginx_domain}}.pem; include /etc/nginx/ssl-hardening.conf; {{ zeitbild_backend_common() }} }