templates/site-ssl.erb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

server {
  listen      443 ssl http2;
  server_name *.<%= @use_fqdn %> <%= @use_fqdn %>;

  ssl on;
  ssl_certificate     /etc/letsencrypt/live/<%= @use_fqdn %>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<%= @use_fqdn %>/privkey.pem;

  # enable HSTS header
  add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";

  location / {
    # preserve http header and set forwarded proto
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;

    # default proxy pass
    proxy_pass       http://<%= @backend %>:80;
  }
}