server { listen 80; listen [::]:80; server_name system.is; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name system.is; ssl on; ssl_certificate /etc/certificates/is.system/crt; ssl_certificate_key /etc/certificates/is.system/key; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "DENY" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "no-referrer" always; #add_header Content-Security-Policy "default-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-scripts; base-uri https://system.is:443/" always; root /etc/nginx; location / { autoindex on; } }