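# Certificate issuance command for this site (webroot challenge).
# NOTE(review): --force-renew requests a new certificate on every run, which
# counts against the CA's rate limits; keep it out of scheduled renewals.
# certbot certonly --non-interactive --text --email {{ data.email }} --agree-tos --force-renew --webroot --webroot-path /var/www/_letsencrypt --domain {{ data.domain }} --domain www.{{ data.domain }}{{ data.cdn ? ' --domain cdn.' + data.domain : '' }}

# ---------------------------------------------------------------------------
# Variant: HTTPS enabled
# ---------------------------------------------------------------------------

# Main site, served over TLS on the canonical host name.
server {
    listen 443 ssl{{ data.http2 ? ' http2' : '' }};
    listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};

    server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};

    # The source declared `root` twice (once via $base, once as a literal path
    # resolving to the same directory). A single declaration is kept, and $base
    # stays defined in case the included files reference it.
    set $base /var/www/{{ data.domain }};
    root $base{{ data.document_root }};

    ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem;
    # NOTE(review): ssl_trusted_certificate is meant to hold CA certificates;
    # chain.pem in the same certbot directory is the usual value. Confirm
    # before changing. The same applies to the other TLS servers below.
    ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;

    location / {
        try_files $uri $uri/ {{ data.index_html ? '/index.html' : '' }}{{ data.index_html && data.php !== 'off' && data.index_php ? ' ' : '' }}{{ data.php !== 'off' && data.index_php ? '/index.php?$query_string' : '' }};
    }

    include _general.conf;
    include _wordpress.conf;
    include _php.conf;
    include _letsencrypt.conf;
    # _ssl.conf was included twice in the source; once is enough.
    include _ssl.conf;
}

# CDN
server {
    listen 443 ssl{{ data.http2 ? ' http2' : '' }};
    listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};

    server_name cdn.{{ data.domain }};
    root /var/www/{{ data.domain }}{{ data.document_root }};

    access_log off;

    ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types {{ gzipTypes }};

    include _ssl.conf;

    # Only static asset types are served from the CDN host.
    # NOTE(review): this location sets its own add_header directives, so any
    # add_header declared at server level (for example in _ssl.conf, whose
    # contents are not shown here) is not inherited by these responses.
    location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ {
        add_header Access-Control-Allow-Origin "*";
        add_header Cache-Control "public";
        expires 30d;
    }

    # Everything that is not a listed asset type is refused.
    location / {
        deny all;
    }
}

# HTTPS {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect
server {
    listen 443 ssl{{ data.http2 ? ' http2' : '' }};
    listen [::]:443 ssl{{ data.http2 ? ' http2' : '' }};

    # NOTE(review): the certbot command above requests only the names it lists,
    # so other hosts matched by this wildcard will present a certificate that
    # does not cover them, and clients will warn before the redirect is seen.
    server_name {{ !data.non_www ? data.domain + ' ' : '' }}*.{{ data.domain }};

    ssl_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ data.domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ data.domain }}/fullchain.pem;

    include _ssl.conf;

    return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri;
}

# HTTP redirect
server {
    listen 80;
    listen [::]:80;

    server_name {{ data.domain }} *.{{ data.domain }};

    include _letsencrypt.conf;

    # A server-level `return` is evaluated before any location is selected, so
    # locations defined by the include above would never be reached. Scoping
    # the redirect to `location /` lets a more specific location from
    # _letsencrypt.conf (contents not shown here) handle its own requests.
    location / {
        return 301 https://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri;
    }
}

# ---------------------------------------------------------------------------
# Variant: HTTPS disabled
# NOTE(review): the blocks below appear to be the plain-HTTP alternative to
# the HTTPS variant above. Deploy one variant, not both: exact server names
# on port 80 below take precedence over the wildcard name of the HTTP
# redirect server, so those hosts would be served in cleartext.
# ---------------------------------------------------------------------------

# Main site, served over plain HTTP.
server {
    listen 80;
    listen [::]:80;

    server_name {{ !data.non_www ? 'www.' : '' }}{{ data.domain }};

    # Single `root` declaration; the source repeated it as a literal path.
    set $base /var/www/{{ data.domain }};
    root $base{{ data.document_root }};

    location / {
        try_files $uri $uri/ {{ data.index_html ? '/index.html' : '' }}{{ data.index_html && data.php !== 'off' && data.index_php ? ' ' : '' }}{{ data.php !== 'off' && data.index_php ? '/index.php?$query_string' : '' }};
    }

    include _general.conf;
    include _wordpress.conf;
    include _php.conf;
}

# CDN
server {
    listen 80;
    listen [::]:80;

    server_name cdn.{{ data.domain }};
    root /var/www/{{ data.domain }}{{ data.document_root }};

    access_log off;

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types {{ gzipTypes }};

    # Only static asset types are served from the CDN host.
    location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ {
        add_header Access-Control-Allow-Origin "*";
        add_header Cache-Control "public";
        expires 30d;
    }

    # Everything that is not a listed asset type is refused.
    location / {
        deny all;
    }
}

# {{ !data.non_www ? 'domain, ' : '' }}subdomains redirect
server {
    listen 80;
    listen [::]:80;

    server_name {{ !data.non_www ? data.domain + ' ' : '' }}*.{{ data.domain }};

    return 301 http://{{ !data.non_www ? 'www.' : '' }}{{ data.domain }}$request_uri;
}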