server-setup-tools/nginx-templates/service.conf

server {
        location / {
                proxy_pass http://127.0.0.1:80/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                #client_max_body_size 0;
        }

        server_name FQDN;
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        #include snippets/custom-error.conf;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security "max-age=63072000" always;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;
}

server {
        if ($host = FQDN) {
                return 301 https://$host$request_uri;
        }

        server_name FQDN;
        listen 80;
        listen [::]:80;
}
upload nginx-templates 2024-08-03 14:26:28 +02:00			`server {`
			`location / {`
			`proxy_pass http://127.0.0.1:80/;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Host $server_name;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $http_connection;`
			`#client_max_body_size 0;`
			`}`

			`server_name FQDN;`
			`listen [::]:443 ssl http2;`
			`listen 443 ssl http2;`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_certificate /etc/letsencrypt/live/FQDN/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;`
			`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`
			`include /etc/letsencrypt/options-ssl-nginx.conf;`
			`#include snippets/custom-error.conf;`

			`# HSTS (ngx_http_headers_module is required) (63072000 seconds)`
			`add_header Strict-Transport-Security "max-age=63072000" always;`

			`# OCSP stapling`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`
			`}`

			`server {`
			`if ($host = FQDN) {`
			`return 301 https://$host$request_uri;`
			`}`

			`server_name FQDN;`
			`listen 80;`
			`listen [::]:80;`
			`}`