# generated 2023-01-14, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
	listen *:443 ssl http2;
	listen [::]:443 ssl http2;
	server_name {{ domain_name }};

	ssl_certificate         /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
	ssl_certificate_key     /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;

	ssl_session_cache shared:SSL:50m;
	ssl_session_timeout 1d;
	ssl_session_tickets off;

	# HSTS (ngx_http_headers_module is required) (63072000 seconds)
	add_header Strict-Transport-Security "max-age=63072000" always;

	# OCSP stapling
	ssl_stapling on;
	ssl_stapling_verify on;

	root /home/homepage/homepage/build;

	location = / {
		try_files $uri /out.html;
	}
}