# ------------------------------------------------------------ # Default Site # ------------------------------------------------------------ {% if value == "congratulations" %} # Skipping output, congratulations page configration is baked in. {%- else %} server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; listen 443 http3 default_server; listen [::]:443 http3 default_server; server_name default-host; include conf.d/include/force-ssl.conf; include conf.d/include/ssl-ciphers.conf; include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/block-exploits.conf; add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; ssl_certificate /data/nginx/dummycert.pem; ssl_certificate_key /data/nginx/dummykey.pem; {%- if value == "404" %} location / { include conf.d/include/letsencrypt-acme-challenge.conf; return 404; } {% endif %} {%- if value == "redirect" %} location / { include conf.d/include/letsencrypt-acme-challenge.conf; return 307 {{ meta.redirect }}; } {%- endif %} {%- if value == "html" %} root /data/nginx/default_www; location / { include conf.d/include/letsencrypt-acme-challenge.conf; try_files $uri /index.html; } {%- endif %} } {% endif %} # ------------------------------------------------------------ # prevent processing requests with undefined server names # ------------------------------------------------------------ server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; listen 443 http3; listen [::]:443 http3; server_name ""; return 444; include conf.d/include/force-ssl.conf; include conf.d/include/ssl-ciphers.conf; include conf.d/include/letsencrypt-acme-challenge.conf; include conf.d/include/block-exploits.conf; add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; ssl_certificate /data/nginx/dummycert.pem; ssl_certificate_key /data/nginx/dummykey.pem; }