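{#
  nginx vhost template, rendered once per entry (`item`) of a site dictionary.

  Emits two server blocks for the host name in item.key:
    * port 80  - answers every request with a 302 redirect to https
    * port 443 - TLS vhost using /etc/nginx/certs/<item.key>.crt and .key,
                 with one location block per entry of item.value.locations

  Variables read:
    ansible_managed       - header banner, passed through the `comment` filter
    item.key              - host name; used in server_name, cert paths, log paths
    item.value.locations  - optional dict: location path -> { template: <file> }
    in_memoriam           - optional list of names for the X-Clacks-Overhead header

  Review notes:
    * item.key, location.key and the in_memoriam entries are written into the
      configuration without any escaping. They must come from trusted inventory
      only; a value containing a quote, semicolon, brace or newline changes the
      structure of the rendered config.
    * location.value.template is handed to the include tag, so it decides which
      template file gets rendered into the vhost. Treat it as trusted input too.
    * nginx inherits add_header from the enclosing level only when the current
      level declares no add_header itself. If an included location template sets
      its own add_header, the Permissions-Policy and X-Clacks-Overhead headers
      below are not sent for that location unless the template repeats them.
    * No ssl_protocols, ssl_ciphers or Strict-Transport-Security appear in this
      template; presumably they are set at http level elsewhere - confirm.
-#}
{{ ansible_managed | comment }}

server {
    listen 80;
    listen [::]:80;

    server_name {{ item.key }};

    # Redirect to https
    {# $host is taken from the client's request (request line or Host header).
       NOTE(review): if this block ever becomes the default server for port 80,
       the redirect target follows whatever Host the client sent; pinning the
       target to the configured name would avoid that - confirm intent. -#}
    location / {
        return 302 https://$host$request_uri;
    }

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # FLoC you google
    add_header Permissions-Policy interest-cohort=();

    {% if in_memoriam is defined -%}
    # "A man is not dead while his name is still spoken." -- Going Postal
    add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
    {%- endif %}
}

server {
    # listen port + ssl
    {# <- TODO: Allow other ports -> -#}
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/nginx/certs/{{ item.key }}.crt;
    ssl_certificate_key /etc/nginx/certs/{{ item.key }}.key;
    {# <- TODO: Allow other ports -> #}

    server_name {{ item.key }};

    {# <- TODO: move this to default root snippets -> -#}
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # FLoC you google
    add_header Permissions-Policy interest-cohort=();

    {% if in_memoriam is defined -%}
    # "A man is not dead while his name is still spoken." -- Going Postal
    add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
    {% endif -%}
    {# <- TODO: move this to default root snippets -> -#}

    # Logs
    access_log /var/log/nginx/{{ item.key }}.log;
    error_log /var/log/nginx/{{ item.key }}_error.log;

    {% for location in (item.value.locations | default([]) | dict2items) -%}
    location {{ location.key }} {
        {% filter indent(width=8) -%}
        {% include location.value.template -%}
        {%- endfilter %}
    }
    {%- endfor %}
}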