# Generated by ansible for site {{ site.url }} 
# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}

server {
  listen 80;
  listen [::]:80;
  server_name {{ site.url }} www.{{ site.url }};

  # Let's Encrypt
  include snippets/letsencrypt.conf;

  location / {
{% if site.redirect_to_www %}
    return 301 https://www.{{ site.url }}$request_uri;
{% else %}
    return 301 https://{{ site.url }}$request_uri;
{% endif %}
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name {{ site.url }} www.{{ site.url }};

  access_log  /var/log/nginx/{{ site.slug }}-access.log;
  error_log   /var/log/nginx/{{ site.slug }}-error.log;

{% if site.redirect_to_www %}
  # Redirect non-www to www
  if ($host = {{ site.url }}) {
    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
  }
{% else %}
  # Redirect www to non-www
  if ($host = www.{{ site.url }}) {
    rewrite ^ https://{{ site.url }}$request_uri permanent;
  }
{% endif %}

  # Let's Encrypt
  include snippets/letsencrypt.conf;

  include snippets/ssl-params.conf;
  ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
  
  include snippets/header-params_server.conf;
  location / {
    include snippets/header-params_location.conf;
  
    proxy_pass http://{{ site.subnet_nginx_ip }}:80;
  }
}