diff --git a/common/nginx/handlers/main.yml b/common/nginx/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7217c0ff81e01cca9d2f9a5b23634b38ac457118
--- /dev/null
+++ b/common/nginx/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart nginx
+  service: name=nginx state=restarted
+
+- name: restart telegraf
+  service: name=telegraf state=restarted
diff --git a/webserver/nginx/includes/alerta b/common/nginx/includes/alerta.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/alerta
rename to common/nginx/includes/alerta.warpzone.ms
diff --git a/webserver/nginx/includes/auth b/common/nginx/includes/auth.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/auth
rename to common/nginx/includes/auth.warpzone.ms
diff --git a/webserver/nginx/includes/gitlab b/common/nginx/includes/gitlab.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/gitlab
rename to common/nginx/includes/gitlab.warpzone.ms
diff --git a/webserver/nginx/includes/infra-test b/common/nginx/includes/infra-test.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/infra-test
rename to common/nginx/includes/infra-test.warpzone.ms
diff --git a/webserver/nginx/includes/infra b/common/nginx/includes/infra.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/infra
rename to common/nginx/includes/infra.warpzone.ms
diff --git a/webserver/nginx/includes/ldap b/common/nginx/includes/ldap.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/ldap
rename to common/nginx/includes/ldap.warpzone.ms
diff --git a/webserver/nginx/includes/mattermost b/common/nginx/includes/mattermost.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/mattermost
rename to common/nginx/includes/mattermost.warpzone.ms
diff --git a/webserver/nginx/includes/md b/common/nginx/includes/md.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/md
rename to common/nginx/includes/md.warpzone.ms
diff --git a/webserver/nginx/includes/pad b/common/nginx/includes/pad.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/pad
rename to common/nginx/includes/pad.warpzone.ms
diff --git a/common/nginx/includes/verwaltung-git.warpzone.ms b/common/nginx/includes/verwaltung-git.warpzone.ms
new file mode 100644
index 0000000000000000000000000000000000000000..4206d1d4b65534e4fdf08eec2d4ba3a41757f936
--- /dev/null
+++ b/common/nginx/includes/verwaltung-git.warpzone.ms
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42001/;
+        	proxy_redirect  off;
+
+    }
diff --git a/common/nginx/includes/verwaltung.warpzone.ms b/common/nginx/includes/verwaltung.warpzone.ms
new file mode 100644
index 0000000000000000000000000000000000000000..50abb8ca1260e5c2694bffdc41372c85eac21098
--- /dev/null
+++ b/common/nginx/includes/verwaltung.warpzone.ms
@@ -0,0 +1,5 @@
+
+    location / {
+      rewrite     ^(.*)   https://verwaltung-git.warpzone.ms$1;
+    }
+
diff --git a/common/nginx/includes/warpzone.ms b/common/nginx/includes/warpzone.ms
new file mode 100644
index 0000000000000000000000000000000000000000..4a318e052fef05166d1cb541363427cb8cdb6398
--- /dev/null
+++ b/common/nginx/includes/warpzone.ms
@@ -0,0 +1,4 @@
+
+    location / {
+      rewrite     ^(.*)   https://www.warpzone.ms$1;
+    }
diff --git a/webserver/nginx/includes/wiki b/common/nginx/includes/wiki.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/wiki
rename to common/nginx/includes/wiki.warpzone.ms
diff --git a/webserver/nginx/includes/www b/common/nginx/includes/www-test.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/www
rename to common/nginx/includes/www-test.warpzone.ms
diff --git a/webserver/nginx/includes/www-test b/common/nginx/includes/www.warpzone.ms
similarity index 100%
rename from webserver/nginx/includes/www-test
rename to common/nginx/includes/www.warpzone.ms
diff --git a/common/nginx/tasks/config_site.yml b/common/nginx/tasks/config_site.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a867aac369a572171d9995b61b076aae16745221
--- /dev/null
+++ b/common/nginx/tasks/config_site.yml
@@ -0,0 +1,23 @@
+
+# Konfiguration einer nginx-site 
+# {{ item }} enthält den vollständigen Domänennamen 
+# Falls erforderlich wird das Zertifikat über Letsencrypt geholt 
+
+- name: Check if cert already exists for {{ item }} 
+  stat:
+    path: /etc/letsencrypt/live/{{ item }}/privkey.pem
+  register: cert
+
+- name: Stop nginx
+  service: name=nginx state=stopped
+  notify: restart nginx
+  when: cert.stat.exists == False 
+
+- name: Get Certificate for {{ item }} via Certbot
+  command: "certbot certonly --non-interactive --agree-tos --standalone -m {{ letsencrypt_mail }} -w /var/www/html/  -d {{ item }}"
+  when: cert.stat.exists == False 
+
+- name: Create nginx config for {{ item }}
+  template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}
+  notify: restart nginx
+
diff --git a/common/nginx/tasks/main.yml b/common/nginx/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..18b83ae9d8a55d5c3f533a8f91b4fd5c938d0eb9
--- /dev/null
+++ b/common/nginx/tasks/main.yml
@@ -0,0 +1,70 @@
+# Pakete installieren
+- name: nginx installieren
+  apt:
+    name: "{{ packages }}"
+    update_cache: yes
+    state: present
+  vars:
+    packages:
+    - nginx-light
+    - libnginx-mod-http-lua
+    - ca-certificates 
+    - openssl
+    - certbot
+    - git
+
+
+# DH Parameter geneieriern 
+
+- name: check if DH Params exists 
+  stat:
+    path: /etc/nginx/dhparams.pem
+  register: dhparams
+
+- name: generate new DH Params 
+  command: openssl dhparam -out /etc/nginx/dhparams.pem 2048
+  when: dhparams.stat.exists == False 
+
+
+# NginX einrichten 
+
+- name: nginx default Konfig entfernen 
+  file: 
+    path: /etc/nginx/sites-enabled/default 
+    state: absent
+
+
+# LetsEncrypt Script erstellen 
+
+- name: LetsEncrypt Script erstellen 
+  template: src=letsencrypt.sh dest=/opt/letsencrypt.sh mode=o+x
+  notify: restart nginx
+
+- name: Cronjob für Zertifikatserneuerung
+  cron: name="letsencrypt" weekday="*" hour="6" minute="0" job="/opt/letsencrypt.sh"
+
+
+# nginx konfigurieren 
+
+- include: config_site.yml
+  with_items:
+    - "{{ webserver_domains }}"
+ 
+
+- name: Konfig-Datei status erstellen
+  template: src=nginx-status dest=/etc/nginx/sites-enabled/status
+  notify: restart nginx
+
+
+# telegraf konfigurieren 
+
+- name: Konfig-Datei status erstellen
+  template: src=telegraf.conf dest=/etc/telegraf/telegraf.d/nginx.conf
+  notify: restart telegraf 
+  
+- name: adding existing user 'telegraf' to group adm
+  user:
+    name: telegraf
+    groups: adm
+    append: yes
+
diff --git a/common/nginx/templates/letsencrypt.sh b/common/nginx/templates/letsencrypt.sh
new file mode 100644
index 0000000000000000000000000000000000000000..8e5efbfcd168068a0c47779a12c22a08c593dbb8
--- /dev/null
+++ b/common/nginx/templates/letsencrypt.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+{% for domain in webserver_domains %}
+certbot certonly --non-interactive --agree-tos --webroot -m {{ letsencrypt_mail }} -w /var/www/html/  -d {{ domain }}.void.ms
+{% endfor %}
diff --git a/common/nginx/templates/nginx-site b/common/nginx/templates/nginx-site
new file mode 100644
index 0000000000000000000000000000000000000000..34c155ecf4bf3704c60a41b98fbbe936fc545e4f
--- /dev/null
+++ b/common/nginx/templates/nginx-site
@@ -0,0 +1,56 @@
+
+
+map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+}
+
+server {
+
+	listen 80;
+	listen [::]:80;
+
+	server_name {{ item }};
+	root /dev/null;
+	index index.html;
+
+	location /.well-known/acme-challenge/ {
+		root /var/www/html/;
+	}
+
+        location / {
+        	rewrite     ^(.*)   https://{{ item }}$1 permanent;
+  	}
+
+}
+
+server {
+
+	listen 443 ssl http2;
+ 	listen [::]:443 ssl http2;
+
+	ssl_certificate /etc/letsencrypt/live/{{ item }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ item }}/privkey.pem;
+	ssl_dhparam /etc/nginx/dhparams.pem;
+
+	ssl_session_cache shared:SSL:5m;
+	ssl_session_timeout 5m;
+	
+	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+	ssl_protocols TLSv1.2;
+	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;	
+	ssl_prefer_server_ciphers on;    
+
+	server_name {{ item }};
+	root /dev/null;
+	index index.html;
+
+	location /.well-known/acme-challenge/ {
+		root /var/www/html/;
+	}
+
+  	{% include "includes/" + item ignore missing %}
+	
+}
+
+
diff --git a/common/nginx/templates/nginx-status b/common/nginx/templates/nginx-status
new file mode 100644
index 0000000000000000000000000000000000000000..7bc3c674d26e156bb5cf287a860dd05078643e88
--- /dev/null
+++ b/common/nginx/templates/nginx-status
@@ -0,0 +1,24 @@
+
+
+server {
+
+  listen 9145;
+
+  location /status {
+
+        # Turn on nginx stats
+        stub_status on;
+
+        # I do not need logs for stats
+        access_log   off;
+
+        # Security: Only allow access from 
+        allow 127.0.0.1;
+   
+        # Send rest of the world to /dev/null #
+        deny all;
+        
+  }
+  
+}
+
diff --git a/common/nginx/templates/telegraf.conf b/common/nginx/templates/telegraf.conf
new file mode 100644
index 0000000000000000000000000000000000000000..34894dd33112bf182f036a94bd1f3dbb1b44ed30
--- /dev/null
+++ b/common/nginx/templates/telegraf.conf
@@ -0,0 +1,24 @@
+
+# Read Nginx's basic status information (ngx_http_stub_status_module)
+[[inputs.nginx]]
+  ## An array of Nginx stub_status URI to gather stats.
+  urls = ["http://127.0.0.1:9145/status"]
+
+  ## Optional TLS Config
+  # tls_ca = "/etc/telegraf/ca.pem"
+  # tls_cert = "/etc/telegraf/cert.pem"
+  # tls_key = "/etc/telegraf/key.pem"
+  ## Use TLS but skip chain & host verification
+  # insecure_skip_verify = false
+
+  ## HTTP response timeout (default: 5s)
+  response_timeout = "5s"
+
+
+#[[inputs.logparser]]
+#  files = ["/var/log/nginx/access.log"]
+#  from_beginning = true
+#  name_override = "nginx_access_log"
+#  [inputs.logparser.grok]
+#    patterns = ["%{COMBINED_LOG_FORMAT}"]
+
diff --git a/group_vars/all b/group_vars/all
index fdd88092707c51cbfa0b4ee91562e7f3b0c6a22a..0657e77d7389fdef6726b044ef97c9428601ad0a 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,5 +1,8 @@
 # Globale Variablen für alle Server
 
+# Letsencrypt notification mail 
+letsencrypt_mail: verwaltung@warpzone.ms
+
 # IP Adresse des LDAP Servers
 # Extern läuft auf dem webserver
 ldap_ip_ext: 10.0.20.2
diff --git a/host_vars/vorstand b/host_vars/vorstand
index 0d54f0715253db90962dff4336ef615edbc1513d..bd03105ba46517e3541c5ac285bf2105f1904108 100644
--- a/host_vars/vorstand
+++ b/host_vars/vorstand
@@ -9,12 +9,24 @@ debian_sources:
   - "deb http://repo.myloc.de/debian stretch main non-free contrib"
   - "deb https://download.docker.com/linux/debian stretch stable"
   - "deb http://packages.x2go.org/debian stretch main"
+  - "deb https://repos.influxdata.com/debian stretch stable"
+
 
 debian_keys_id:
   - "E1F958385BFE2B6E" # x2go repo key
   
 debian_keys_url:
   - "https://download.docker.com/linux/debian/gpg"
+  - "https://repos.influxdata.com/influxdb.key"
+
+
+# Art des Hosts: physical, vm, docker 
+host_type: "vm"
+
+
+webserver_domains: 
+  - "verwaltung.warpzone.ms"
+  - "verwaltung-git.warpzone.ms"
 
 
 administratorenteam:
diff --git a/host_vars/webserver b/host_vars/webserver
index 7ec39357afb53517b3372b2608328992db780db4..da8dec9241fc0b3007b7377378462fd4f05d02ae 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -24,29 +24,23 @@ debian_keys_url:
 host_type: "vm"
 
 
-letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
-
-letsencrypt_mail: verwaltung@warpzone.ms
-
 webserver_domains: 
-  - "auth"
-  - "alerta"
-  - "gitlab"
-  - "infra"
-  - "infra-test"
-  - "jabber"
-  - "muc.jabber"
-  - "proxy.jabber"
-  - "jabber-test"
-  - "muc.jabber-test"
-  - "proxy.jabber-test"
-  - "ldap"
-  - "mattermost"
-  - "md"
-  - "pad"
-  - "wiki"
-  - "www"
-  - "www-test"
+  - "auth.warpzone.ms"
+  - "alerta.warpzone.ms"
+  - "gitlab.warpzone.ms"
+  - "infra.warpzone.ms"
+  - "jabber.warpzone.ms"
+  - "muc.jabber.warpzone.ms"
+  - "proxy.jabber.warpzone.ms"
+  - "jabber-test.warpzone.ms"
+  - "muc.jabber-test.warpzone.ms"
+  - "proxy.jabber-test.warpzone.ms"
+  - "ldap.warpzone.ms"
+  - "mattermost.warpzone.ms"
+  - "md.warpzone.ms"
+  - "pad.warpzone.ms"
+  - "wiki.warpzone.ms"
+  - "www.warpzone.ms"
 
 administratorenteam:
   - "void"
diff --git a/host_vars/webserver-test b/host_vars/webserver-test
index b14b978918f107ee1dd1d6680894ad17efa2b086..348cdf10cb288ef19338f7efad018c0ccb5167a9 100644
--- a/host_vars/webserver-test
+++ b/host_vars/webserver-test
@@ -22,16 +22,13 @@ debian_keys:
 host_type: "vm"
 
 
-letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
-
-letsencrypt_mail: verwaltung@warpzone.ms
 
 webserver_domains: 
-  - "infra-test"
-  - "jabber-test"
-  - "muc.jabber-test"
-  - "proxy.jabber-test"
-  - "www-test"
+  - "infra-test.warpzone.ms"
+  - "jabber-test.warpzone.ms"
+  - "muc.jabber-test.warpzone.ms"
+  - "proxy.jabber-test.warpzone.ms"
+  - "www-test.warpzone.ms"
 
 administratorenteam:
   - "void"
diff --git a/vorstand/main.yml b/vorstand/main.yml
index e8fa988c853ee923a91322e0c0255ae1b932d26c..3f13121d899801c89e1ecb0b763bd5443f994011 100644
--- a/vorstand/main.yml
+++ b/vorstand/main.yml
@@ -3,7 +3,10 @@
 - hosts: vorstand
   remote_user: root
   roles:
+    - { role: ../common/telegraf, tags: telegraf }
     - { role: ../common/docker, tags: docker }
+    - { role: ../common/nginx, tags: nginx }
+    - { role: docker_gitea, tags: gitea }
     - { role: docker_mysql, tags: mysql }
     - { role: user, tags: user }
     - { role: jameica, tags: jameica }
diff --git a/webserver-test/main.yml b/webserver-test/main.yml
index e06af65396ccca04175eb6d0397c45d3e2a0ee1c..c45786014f51647441c53cc1c525ebc43f01969a 100644
--- a/webserver-test/main.yml
+++ b/webserver-test/main.yml
@@ -4,7 +4,7 @@
   remote_user: root
   roles:
     - { role: ../common/docker, tags: docker }
-    - { role: ../webserver/nginx, tags: nginx }
+    - { role: ../common/nginx, tags: nginx }
     - { role: ../webserver/docker_jabber, tags: jabber }
     - { role: ../webserver/docker_ldap, tags: ldap }
     - { role: ../webserver/docker_warpinfra, tags: warpinfra }
diff --git a/webserver/main.yml b/webserver/main.yml
index 7e5861b5b2ddec168cc1142fb366e231e4560251..e7be0116f7bd19590d31f5caa23ba49d98316e52 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -6,7 +6,7 @@
     - { role: ../common/borgbackup, tags: borgbackup }
     - { role: ../common/docker, tags: docker }
     - { role: ../common/telegraf, tags: telegraf }
-    - { role: nginx, tags: nginx }
+    - { role: ../common/nginx, tags: nginx }
     - { role: openvpn, tags: openvpn }
     - { role: docker_alerta, tags: alerta }
     - { role: docker_dokuwiki, tags: dokuwiki }
diff --git a/webserver/nginx/handlers/main.yml b/webserver/nginx/handlers/main.yml
deleted file mode 100644
index 92971d2cdf145a0108a354b0c6c9e9aef0dd0464..0000000000000000000000000000000000000000
--- a/webserver/nginx/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart nginx
-  service: name=nginx state=restarted
diff --git a/webserver/nginx/tasks/main.yml b/webserver/nginx/tasks/main.yml
deleted file mode 100644
index 2e9f058854893080ca1b2a07d7b2484f51809070..0000000000000000000000000000000000000000
--- a/webserver/nginx/tasks/main.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-# Pakete installieren
-- name: nginx installieren
-  apt:
-    name: "{{ packages }}"
-    update_cache: yes
-    state: present
-  vars:
-    packages:
-      - nginx
-      - git
-      - ca-certificates 
-      - gcc
-      - libssl-dev 
-      - libffi-dev
-      - python
-      - python-dev
-      - virtualenv
-
-- name: nginx default Konfig entfernen 
-  file: 
-    path: /etc/nginx/sites-enabled/default 
-    state: absent
-
-# DH Parameter geneieriern 
-
-- name: check if DH Params exists 
-  stat:
-    path: /etc/nginx/dhparams.pem
-  register: dhparams
-
-- name: generate new DH Params 
-  command: openssl dhparam -out /etc/nginx/dhparams.pem 2048
-  when: dhparams.stat.exists == False 
-
-# sinp_le installieren 
-
-- name: create folder simp_le 
-  file: 
-    path: "/opt/simp_le/" 
-    state: "directory"
-
-- name: clone simp_le repo
-  git: 
-    repo: "https://github.com/zenhack/simp_le.git" 
-    version: "60ee2111609022e6550dbe137c2a6064890a5ca0"
-    dest: "/opt/simp_le/" 
-
-
-# LetsEncrypt Script erstellen 
-
-- name: LetsEncrypt Script erstellen 
-  template: src=letsencrypt.sh dest=/opt/letsencrypt.sh mode=o+x
-  register: letsencryptsh
-
-- name: Cronjob für Zertifikatserneuerung
-  cron: name="letsencrypt" weekday="2" hour="20" minute="0" job="/opt/letsencrypt.sh"
-
-
-# nginx konfigurieren (initial, falls noch kein Zertifikat existiert)
-
-- name: check if fullchain.pem exists
-  stat: path=/etc/ssl/fullchain.pem
-  register: sslcert
-
-- name: Konfig-Datei default erstellen (initial)
-  template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}.wapzone.ms
-  with_items: webserver_domains
-  notify: restart nginx
-  when: sslcert.stat.exists == False
-
-- name: nginx restarten (initial)
-  meta: flush_handlers
-  when: sslcert.stat.exists == False
-
-- name: Letsencrypt-Zertifikat beantragen und installieren 
-  shell: "/opt/letsencrypt.sh" 
-  when: sslcert.stat.exists == False or letsencryptsh.changed
-
-
-# nginx konfigurieren
-
-- name: Konfig-Datei default erstellen
-  template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}.wapzone.ms
-  with_items: 
-    - "{{webserver_domains}}"
-  notify: restart nginx
-
-
-
diff --git a/webserver/nginx/templates/letsencrypt.sh b/webserver/nginx/templates/letsencrypt.sh
deleted file mode 100644
index 2f09b63134ef14e6c5f26ed6a03663ca43df3126..0000000000000000000000000000000000000000
--- a/webserver/nginx/templates/letsencrypt.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-cd /opt/simp_le/
-if [ ! -e venv/bin/python ]; then ./venv.sh; fi
-
-cd /etc/ssl
-PATH=/opt/simp_le/venv/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-simp_le --email {{ letsencrypt_mail }} -f account_key.json -f key.pem -f fullchain.pem --tos_sha256 {{ letsencrypt_tos_sha256 }} {% for domain in webserver_domains %} -d {{ domain }}.warpzone.ms:/var/www/html {% endfor %} && systemctl reload nginx && /usr/local/bin/docker-compose -f /srv/jabber_test/docker-compose.yml restart && /usr/local/bin/docker-compose -f /srv/jabber/docker-compose.yml
diff --git a/webserver/nginx/templates/nginx-site b/webserver/nginx/templates/nginx-site
deleted file mode 100644
index 5dfc1f100fb7f7dace7177cc98683d5dfd54d952..0000000000000000000000000000000000000000
--- a/webserver/nginx/templates/nginx-site
+++ /dev/null
@@ -1,82 +0,0 @@
-
-map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-}
-
-server {
-
-	listen 80;
-	listen [::]:80;
-
-	server_name {{ item }}.warpzone.ms;
-	root /dev/null;
-	index index.html;
-
-
-        access_log /dev/null;
-        error_log /dev/null;
-
-        access_log off;
-        error_log off;
-
-
-	location /.well-known/ {
-		root /var/www/html/;
-	}
-
-        {% if sslcert.stat.exists == True %}
-
-        location / {
-               return 301 https://$server_name$request_uri;
-	}
-
-	{% endif %}
-
-}
-
-{% if sslcert.stat.exists == True %}
-
-server {
-
-	listen 443 ssl http2;
-    	listen [::]:443 ssl http2;
-
-	ssl_certificate /etc/ssl/fullchain.pem;
-	ssl_certificate_key /etc/ssl/key.pem;
-	ssl_dhparam /etc/nginx/dhparams.pem;
-
-	ssl_session_tickets off; 
-	ssl_stapling on; 
-	ssl_stapling_verify on; 
-
-	ssl_session_cache shared:SSL:5m;
-	ssl_session_timeout 5m;
-	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;";
-
-	# ab nginx > 1.13 ist TLS1.3 möglich 
-	ssl_protocols TLSv1.2;
-	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;	ssl_prefer_server_ciphers on;    
-
-
-	server_name {{ item }}.warpzone.ms;
-	root /dev/null;
-	index index.html;
-
-
-        access_log /dev/null;
-        error_log /dev/null;
-
-        access_log off;
-        error_log off;
-
-
-	location /.well-known/ {
-		root /var/www/html/;
-	}
-
-        {% include "includes/" + item ignore missing %}
-
-}
-
-{% endif %}