ansible-config/roles/hopglass-frontend/templates/nginx-site.j2

{% if hopglass_frontend_tls_crt is defined %}
server {
    server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate {{ hopglass_frontend_tls_crt }};
    ssl_certificate_key {{ hopglass_frontend_tls_key }};

    include snippets/header-hsts.conf;
    include snippets/no-unsafe-files.conf;

    add_header Referrer-Policy same-origin;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    proxy_hide_header Referrer-Policy;
    proxy_hide_header X-Content-Type-Options;
    proxy_hide_header X-XSS-Protection;

    root {{ hopglass_frontend_path }}/build;
}

{% endif %}
server {
    server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
    listen 80;
    listen [::]:80;

{% if hopglass_frontend_tls_crt is defined %}
    location / {
        return 302 https://$host$request_uri;
    }
{% else %}
    include snippets/header-security.conf;
    include snippets/no-unsafe-files.conf;

    root {{ hopglass_frontend_path }}/build;
{% endif %}

    include snippets/location-acme.conf;
}
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`{% if hopglass_frontend_tls_crt is defined %}`
			`server {`
Update hopglass-frontend server name 2018-11-05 21:30:34 +01:00			`server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`listen 443 ssl;`
			`listen [::]:443 ssl;`
			`ssl_certificate {{ hopglass_frontend_tls_crt }};`
			`ssl_certificate_key {{ hopglass_frontend_tls_key }};`

Update hopglass-frontend site template 2018-11-10 14:39:10 +01:00			`include snippets/header-hsts.conf;`
			`include snippets/no-unsafe-files.conf;`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00
Update hopglass-frontend templates 2019-06-14 22:12:07 +02:00			`add_header Referrer-Policy same-origin;`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`
			`proxy_hide_header Referrer-Policy;`
			`proxy_hide_header X-Content-Type-Options;`
			`proxy_hide_header X-XSS-Protection;`

Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`root {{ hopglass_frontend_path }}/build;`
			`}`

			`{% endif %}`
			`server {`
Update hopglass-frontend server name 2018-11-05 21:30:34 +01:00			`server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`listen 80;`
			`listen [::]:80;`

			`{% if hopglass_frontend_tls_crt is defined %}`
nginx: add security-related headers 2018-11-16 22:34:59 +01:00			`location / {`
			`return 302 https://$host$request_uri;`
			`}`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`{% else %}`
nginx: add security-related headers 2018-11-16 22:34:59 +01:00			`include snippets/header-security.conf;`
Update hopglass-frontend site template 2018-11-10 14:39:10 +01:00			`include snippets/no-unsafe-files.conf;`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00
			`root {{ hopglass_frontend_path }}/build;`
			`{% endif %}`
Update hopglass-frontend site template 2018-11-10 14:39:10 +01:00
			`include snippets/location-acme.conf;`
Add hopglass-frontend role 2018-11-03 00:00:16 +01:00			`}`