<% if @cache == true -%> proxy_cache_path /var/cache/nginx/<%= @name %> levels=<%= @cache_levels %> keys_zone=<%= @name %>:<%= @cache_size %> inactive=<%= @cache_inactive %> max_size=<%= @cache_max_size %>; <% end -%> server { listen 443; server_name <%= @server_name %> <%= @aliases %>; ssl on; ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem; # enable HSTS header add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"; # clickjacking protection add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options <%= @x_frame_options %>; location / { # preserve http header and set forwarded proto proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; # default proxy pass proxy_pass http://<%= @backend %>:80; <% if @cache == true -%> # cache config proxy_cache <%= @name %>; <% end -%> } }