4 server_name <%= @name %> <% @aliases.each do |alias_name| %> <%= alias_name %><%- end -%>;
6 rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
7 return 301 https://$host$request_uri;
12 listen [::]:443 ssl http2;
13 server_name <%= @name %> <% @aliases.each do |alias_name| %> <%= alias_name %><%- end -%>;
15 ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
16 ssl_certificate_key /etc/ssl/private/<%= @name %>.key;
17 <% if node[:ssl][:strict_transport_security] -%>
19 add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
22 # Requests sent within early data are subject to replay attacks.
23 # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
26 # root "/srv/<%= @name %>";
29 gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml; # text/html is implicit
31 gzip_http_version 1.0;
36 location /api/v1/titiler {
37 rewrite ^/api/v1/titiler(.*)$ $1 break;
38 proxy_pass http://localhost:8080;
39 proxy_set_header HOST $host;
40 proxy_set_header Referer $http_referer;
41 proxy_set_header X-Forwarded-For $remote_addr;
42 proxy_set_header X-Forwarded-Proto $scheme;