Raspberry-Pi-IaC/roles/pi-hole/templates/pi-hole.conf.j2

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name pi-hole.kleinendorst.info;

  # SSL via Let's Encrypt
  ssl_certificate /etc/letsencrypt/live/pi-hole.kleinendorst.info/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/pi-hole.kleinendorst.info/privkey.pem; # managed by Certbot
  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;

  location = / {
    return 301 https://pi-hole.kleinendorst.info/admin;
  }

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    set $upstream_address 127.0.0.1;
    set $upstream_port 8080;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_address:$upstream_port;
  }
}