default 1.39 KB
Newer Older
ale's avatar
ale committed
1 2 3 4 5 6 7 8 9 10

# Define a map with domain-level redirects.
map $http_host $top_level_domain_redirect {
  default "";

{% for domain, dest in nginx_top_level_domain_redirects|default({})|dictsort %}
  {{ domain }} {{ dest }};
{% endfor %}
}

ale's avatar
ale committed
11
server {
12
        listen [::]:{{ nginx_http_port }} default_server ipv6only=off;
ale's avatar
ale committed
13 14
        server_name _;

15 16 17
{# Only enable this if the 'acme' service is defined,
   or the basic tests will fail #}
{% if 'acme' in services %}
ale's avatar
ale committed
18 19
        # Handle ACME challenge verification.
        location /.well-known/acme-challenge {
godog's avatar
godog committed
20 21
                include /etc/nginx/snippets/proxy.conf;
                proxy_pass http://acme.{{ domain }}:5004;
ale's avatar
ale committed
22
        }
23
{% endif %}
ale's avatar
ale committed
24

ale's avatar
ale committed
25 26 27 28
	if ($top_level_domain_redirect) {
		return 301 $top_level_domain_redirect$request_uri;
	}

ale's avatar
ale committed
29 30 31 32 33 34 35
        # Redirect everything else to HTTPS.
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
36
        listen [::]:{{ nginx_https_port }} http2 default_server ipv6only=off;
ale's avatar
ale committed
37 38 39
        server_name _;
        ssl on;

40 41
        ssl_certificate /etc/credentials/public/default/fullchain.pem;
        ssl_certificate_key /etc/credentials/public/default/privkey.pem;
ale's avatar
ale committed
42 43 44 45

        root /var/www/html;
        index index.html;

ale's avatar
ale committed
46 47 48 49 50
        location /healthcheck {
                 access_log off;
                 return 200 "OK\n";
        }

ale's avatar
ale committed
51 52 53 54
        location / {
                 try_files $uri $uri/ =404;
        }
}