36 lines
1,009 B
Django/Jinja
36 lines
1,009 B
Django/Jinja
{% macro zeitbild_backend_common() %}
|
|
location / {
|
|
proxy_pass http://localhost:{{var_zeitbild_backend_and_nginx_port | string}};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
{% endmacro %}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
server_name {{var_zeitbild_backend_and_nginx_domain}};
|
|
|
|
{% if var_zeitbild_backend_and_nginx_tls_mode == 'force' %}
|
|
return 301 https://$http_host$request_uri;
|
|
{% else %}
|
|
{{ zeitbild_backend_common() }}
|
|
{% endif %}
|
|
}
|
|
|
|
{% if var_zeitbild_backend_and_nginx_tls_mode != 'disable' %}
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
server_name {{var_zeitbild_backend_and_nginx_domain}};
|
|
|
|
ssl_certificate_key /etc/ssl/private/{{var_zeitbild_backend_and_nginx_domain}}.pem;
|
|
ssl_certificate /etc/ssl/fullchains/{{var_zeitbild_backend_and_nginx_domain}}.pem;
|
|
include /etc/nginx/ssl-hardening.conf;
|
|
|
|
{{ zeitbild_backend_common() }}
|
|
}
|