# {{ ansible_managed }}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name {{ site.server_name|default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %};

    include /etc/nginx/tls_params;
    ssl_certificate        /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
    ssl_certificate_key    /var/lib/dehydrated/certs/{{ site.server_name }}/privkey.pem;

    client_max_body_size {{ nginx_client_max_body_size }};

    location ~ /\.ht {
        deny all;
    }

    access_log  /var/log/nginx/{{ site.server_name }}.access.log bitlair;
    error_log   /var/log/nginx/{{ site.server_name }}.error.log;

{% if site.localproxy is defined %}
    location / {
        proxy_pass http://localhost:{{ site.localproxy }}/;
        include proxy_params;
    }
{% endif %}

    # Include snippets
{% for file in site.snippets | default([]) %}
{% include "snippets/" ~ file %}
{% endfor %}

    # Per site configuration
{% for line in site.config | default([]) %}
    {{ line }}
{% endfor %}
}