ansible-infra/resources/chaosknoten/mumble/nginx/mumble.hamburg.ccc.de.conf

server {
	root /var/www/html;
    server_name mumble.hamburg.ccc.de; # managed by Certbot

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/mumble.hamburg.ccc.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mumble.hamburg.ccc.de/privkey.pem; # managed by Certbot
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/mumble.hamburg.ccc.de/chain.pem;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    location /static {
        alias /opt/mailman/web/static;
        autoindex off;
    }

    location / {
          return 302 https://wiki.hamburg.ccc.de/infrastructure:services:mumble;
    }

    location /metrics {
        proxy_pass http://127.0.0.1:9123/;        
    }
}