#
# {{ ansible_managed }} {{ansible_date_time.iso8601}} {{ ansible_date_time.tz_offset }}
#

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

## Default server configuration
##
#server {
#        listen 80 default_server;
#        listen [::]:80 default_server;
#
#	#root /var/www/html;
#
#        # Add index.php to the list if you are using PHP
#	#index index.html index.htm index.nginx-debian.html;
#
#	# server_name _;
#	server_name   {{ inventory_hostname }};
#	include /etc/nginx/default.d/acme.conf;
#
#	location / {
#	#       # First attempt to serve request as file, then
#	#       # as directory, then fall back to displaying a 404.
#	#       try_files $uri $uri/ =404;
#		return           301 https://$host$request_uri;
#	}
#
#        # pass PHP scripts to FastCGI server
#        #
#        #location ~ \.php$ {
#        #       include snippets/fastcgi-php.conf;
#        #
#        #       # With php-fpm (or other unix sockets):
#        #       fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#        #       # With php-cgi (or other tcp sockets):
#        #       fastcgi_pass 127.0.0.1:9000;
#        #}
#
#        # deny access to .htaccess files, if Apache's document root
#        # concurs with nginx's one
#        #
#        #location ~ /\.ht {
#        #       deny all;
#        #}
#}
#
## Virtual Host configuration for guacamole.yono.cz SSL
##server {
#	#listen       443 http2;
#	#listen       [::]:443 http2;
#	#server_name  {{ inventory_hostname }};
#	#root         /var/www/html;
#	#index        index.html index.htm index.php index.nginx-debian.html;
#	#
#	#server_tokens off;
#	#
#	#### https://securityheaders.com
#	## HSTS: https://www.root.cz/clanky/bezpecnejsi-sifrovani-https-s-hlavickami-hsts-a-hpkp/
#	#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
#	#add_header X-Frame-Options "SAMEORIGIN";
#	## Content Security Policy
#	#add_header Content-Security-Policy "upgrade-insecure-requests;";
#	## X-Content-Type-Options
#	#add_header 'X-Content-Type-Options' 'nosniff';
#	## Referrer-Policy: no-referrer
#	#add_header 'Referrer-Policy' 'no-referrer';
#	#add_header X-XSS-Protection "1; mode=block";
#	#
#	## Load configuration files for the default server block.
#	##include /etc/nginx/default.d/*.conf;
#	#
#	#ssl on;
#	#
#	#ssl_certificate /etc/ssl/nic-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.chained.crt;
#	#ssl_certificate_key /etc/ssl/nic-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key;
#	#
#	##location / {
#	##        return 302 https://$host$uri; # Forward to HTTPS
#	##}
#
#       location / {
#           proxy_pass http://{{ inventory_hostname }};
#           proxy_buffering off;
#           proxy_http_version 1.1;
#           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#           proxy_set_header Upgrade $http_upgrade;
#           proxy_set_header Connection $http_connection;
#           #proxy_cookie_path /guacamole/ /;
#           auth_basic "Private access";
#           auth_basic_user_file /etc/nginx/.htpasswd;
#       }
#
#
##}


