{{ ansible_managed | comment }}

# Automatic Connection header for WebSocket support
# See http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

{% for upstream in nginx.upstreams -%}
upstream {{ upstream.name }} {
    # Path of the server
    server {{ upstream.server }};
}
{% endfor -%}

{% if nginx.default_ssl_server -%}
# Redirect all services to the main site
server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";

    server_name _;
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 https://{{ nginx.default_ssl_server }}$request_uri;
    }
}
{% endif -%}

{% if nginx.default_server -%}
# Redirect all services to the main site
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 http://{{ nginx.default_server }}$request_uri;
    }
}
{% endif -%}

{% for server in nginx.servers %}
{% if server.ssl is defined and server.ssl -%}
# Redirect HTTP to HTTPS
server {
    listen 80{% if server.default is defined and server.default %} default_server{% endif %};
    listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};

    server_name {{ server.server_name|join(" ") }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 https://$host$request_uri;
    }
}
{% endif -%}

server {
    {% if server.ssl is defined and server.ssl -%}
    listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
    listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
    include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";
    {% else -%}
    listen 80;
    listen [::]:80;
    {% endif -%}

    server_name {{ server.server_name|join(" ") }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    {% if server.root is defined %}root {{ server.root }};{% endif %}
    {% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %}

    {% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}
    {% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}

{% if server.additional_params is defined %}
{% for param in server.additional_params %}
    {{ param }};
{% endfor %}
{% endif %}

{% if server.locations is defined %}
{% for location in server.locations %}
    location {{ location.filter }} {
{% for param in location.params %}
        {{ param }};
{% endfor %}
    }

{% endfor %}
{% endif %}
}
{% endfor %}