server {
    listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
    listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
    server_name {{ nginx_vhost.hostnames | join(' ') }};

{% if 'logs' in nginx_vhost %}
{%   if 'access' in nginx_vhost.logs %}
    access_log {{ nginx_vhost.logs.access }};
{%   endif %}
{%   if 'error' in nginx_vhost.logs %}
    error_log {{ nginx_vhost.logs.error }};
{%   endif %}

{% endif %}
{% if 'tls' in nginx_vhost %}
{%   if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %}
    include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf;

{%   endif %}
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
    listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
    server_name {{ nginx_vhost.hostnames | join(' ') }};

{%   if 'logs' in nginx_vhost %}
{%     if 'access' in nginx_vhost.logs %}
    access_log {{ nginx_vhost.logs.access }};
{%     endif %}
{%     if 'error' in nginx_vhost.logs %}
    error_log {{ nginx_vhost.logs.error }};
{%     endif %}

{%   endif %}
{%   if nginx_vhost.tls.certificate_provider == 'acmetool' or nginx_vhost.tls.certificate_provider == 'uacme' %}
    include snippets/{{ nginx_vhost.tls.certificate_provider }}.conf;
{%   endif %}
    include snippets/tls{% if 'variant' in nginx_vhost.tls %}-{{ nginx_vhost.tls.variant }}{% endif %}.conf;
    ssl_certificate     {{ x509_certificate_path_fullchain }};
    ssl_certificate_key {{ x509_certificate_path_key }};
{%   if 'hsts' not in nginx_vhost.tls or nginx_vhost.tls.hsts %}
    include snippets/hsts.conf;
{%   endif %}

{% endif %}
{% if 'custom' in nginx_vhost %}
    {{ nginx_vhost.custom | trim | indent(4) }}
{% else %}
{%   if 'extra_directives' in nginx_vhost %}
    {{ nginx_vhost.extra_directives | trim | indent(4) }}

{%   endif %}
{%   for path, location in nginx_vhost.locations.items() %}
    location {{ path }} {
{%     if 'proxy_pass' in location %}
        include snippets/proxy-nobuff.conf;
        proxy_set_header Host $host;
        include snippets/proxy-forward-headers.conf;

        # for websockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_pass {{ location.proxy_pass }};
{%       if 'proxy_redirect' in location %}
{%         for entry in location.proxy_redirect %}
        proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
{%         endfor %}
{%       endif %}
{%       if 'proxy_ssl' in location %}
{%         for prop in (location.proxy_ssl | list | sort)  %}
        proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
{%         endfor %}
{%       endif %}
{%     elif 'return' in location %}
        return {{ location.return }};
{%     elif 'custom' in location %}
        {{ location.custom | trim | indent(8) }}
{%     else %}
{%       if 'root' in location %}
        root {{ location.root }};
{%       elif 'alias' in location %}
        alias {{ location.alias }};
{%       endif %}
{%       if 'index' in location %}
        index {{ location.index }};
{%       endif %}
{%       if 'autoindex' in location %}
        autoindex on;
{%         if 'format' in location.autoindex %}
        autoindex_format {{ nginx_vhost.autoindex.format }};
{%         endif  %}
{%       endif %}
{%     endif %}
{%     if 'extra_directives' in location %}

        {{ location.extra_directives | trim | indent(8) }}
{%     endif %}
    }
{%   endfor %}
{% endif %}
}