# Generated by ansible for site {{ item.url }} 
# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}

server {
  listen 80;
  listen [::]:80;
  server_name {{ item.url }} www.{{ item.url }};

  # Let's Encrypt
  include snippets/letsencrypt.conf;

  location / {
{% if item.redirect_to_www %}
    return 301 https://www.{{ item.url }}$request_uri;
{% else %}
    return 301 https://{{ item.url }}$request_uri;
{% endif %}
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name {{ item.url }} www.{{ item.url }};

  access_log  /var/log/nginx/{{ item.slug }}-access.log;
  error_log   /var/log/nginx/error.log;

{% if item.redirect_to_www %}
  # Redirect non-www to www
  if ($host = {{ item.url }}) {
    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
  }
{% else %}
  # Redirect www to non-www
  if ($host = www.{{ item.url }}) {
    rewrite ^ https://{{ item.url }}$request_uri permanent;
  }
{% endif %}

  # Let's Encrypt
  include snippets/letsencrypt.conf;

  include snippets/ssl-params.conf;
  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
  
  include snippets/header-params_server.conf;
  location / {
    include snippets/header-params_location.conf;
  
    proxy_pass http://{{ item.subnet_site_ip }}:80;
  }
}