masto-aio/ansible/roles/nginx/templates/nginx.conf

user nginx;

worker_processes    auto;

events { worker_connections 1024; }

http {

    charset utf-8;
    server {
        listen 80;
        server_name {{domain_name}};
        server_tokens off;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }

    }

    server {
        # Hide nginx version information.
        server_tokens off;

        listen  443 ssl default_server;

        server_name {{domain_name}};

        root    /usr/share/nginx/html;
        include /etc/nginx/mime.types;

        ssl_certificate /etc/letsencrypt/live/{{domain_name}}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;

        include /etc/letsencrypt/options-ssl-nginx.conf;
#        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            try_files $uri $uri/ /index.html;
        }

        gzip            on;
        gzip_vary       on;
        gzip_http_version  1.0;
        gzip_comp_level 5;
        gzip_types
                        application/atom+xml
                        application/javascript
                        application/json
                        application/rss+xml
                        application/vnd.ms-fontobject
                        application/x-font-ttf
                        application/x-web-app-manifest+json
                        application/xhtml+xml
                        application/xml
                        font/opentype
                        image/svg+xml
                        image/x-icon
                        text/css
                        text/plain
                        text/x-component;
        gzip_proxied    no-cache no-store private expired auth;
        gzip_min_length 256;
        gunzip          on;
    }

    include /etc/nginx/conf.d/*.conf;

}