server {
    listen 80;
    server_name {{constants.FQDN}};
    rewrite ^ https://{{constants.FQDN}}$request_uri?;
}

server {
    root /var/www/html;
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    listen 443 ssl;
    server_name {{constants.FQDN}};
    client_max_body_size 10G;
    ssl_certificate {{certificate_path}};
    ssl_certificate_key {{key_path}};
    ssl_client_certificate {{authority_path}};
    ssl_verify_client {{verify_client}};
}