chef/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb

server {
  listen 80;
  server_name mastodon.<%= @onion_address %>;
  include <%= @shared_config_path %>;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name <%= @server_name %>;
  include <%= @shared_config_path %>;

  <% if File.exist?(@ssl_cert) &&
        File.exist?(@ssl_key) -%>
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
  <% end -%>

  add_header Strict-Transport-Security "max-age=31536000";
}