# {{ ansible_managed }} server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name {{ git_server_domain }}; client_max_body_size 4G; {% if git_server_bootstrap_cert %} include "snippets/snakeoil.conf"; {% else %} ssl_certificate "/var/lib/dehydrated/certs/{{ git_server_domain }}/fullchain.pem"; ssl_certificate_key "/var/lib/dehydrated/certs/{{ git_server_domain }}/privkey.pem"; {% endif %} add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-Robots-Tag noindex; location / { proxy_pass http://localhost:9001; include proxy_params; } location ~* \.keys$ { deny all; } include "snippets/acme.conf"; } server { listen 80; listen [::]:80; server_name {{ git_server_domain }}; location / { rewrite ^/(.*) https://$server_name$request_uri? redirect; } include "snippets/acme.conf"; }