|
@@ -58,6 +58,10 @@ log_format vhost '$host $remote_addr - $remote_user [$time_local] '
|
|
|
|
|
|
access_log off;
|
|
access_log off;
|
|
|
|
|
|
|
|
+{{ if ne $.Env.RESOLVERS "" }}
|
|
|
|
+resolver {{ $.Env.RESOLVERS }};
|
|
|
|
+{{ end }}
|
|
|
|
+
|
|
{{ if (exists "/etc/nginx/proxy.conf") }}
|
|
{{ if (exists "/etc/nginx/proxy.conf") }}
|
|
include /etc/nginx/proxy.conf;
|
|
include /etc/nginx/proxy.conf;
|
|
{{ else }}
|
|
{{ else }}
|
|
@@ -198,6 +202,12 @@ server {
|
|
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
|
|
ssl_dhparam {{ printf "/etc/nginx/certs/%s.dhparam.pem" $cert }};
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
|
|
+ {{ if (exists (printf "/etc/nginx/certs/%s.chain.crt" $cert)) }}
|
|
|
|
+ ssl_stapling on;
|
|
|
|
+ ssl_stapling_verify on;
|
|
|
|
+ ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
|
|
|
|
+ {{ end }}
|
|
|
|
+
|
|
{{ if (ne $https_method "noredirect") }}
|
|
{{ if (ne $https_method "noredirect") }}
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
add_header Strict-Transport-Security "max-age=31536000";
|
|
{{ end }}
|
|
{{ end }}
|