Okay, I’ve tried the following:
-
Fresh droplet
-
Modified line 32 of
lib/trellis/plugins/filter/filters.pyas described here.
This time ansible completed without an error, but the www subdomain is still insecure and not redirecting.
Looking at the nginx config in sites-available, I can see the following server block:
server {
listen 443 ssl http2;
include h5bp/directive-only/ssl.conf;
include h5bp/directive-only/ssl-stapling.conf;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
ssl_certificate /etc/nginx/ssl/letsencrypt/volunteeringmatters.org.uk-bundled.cert;
ssl_certificate_key /etc/nginx/ssl/letsencrypt/volunteeringmatters.org.uk.key;
server_name www.volunteeringmatters.org.uk;
return 301 $scheme://volunteeringmatters.org.uk$request_uri;
}
any help gratefully received.