server {
    listen 80{% if item.default_server | default(false) %} default_server{% endif %};
    listen [::]:80{% if item.default_server | default(false) %} default_server{% endif %};
    server_name {{ item.server_names | join(' ') }};

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

{% if item.acme_only | default(false) %}
    location / {
        return 404;
    }
{% else %}
    location / {
        return 301 https://$host$request_uri;
    }
{% endif %}
}

{% if not (item.acme_only | default(false)) %}
server {
    listen 443 ssl http2{% if item.default_server | default(false) %} default_server{% endif %};
    listen [::]:443 ssl http2{% if item.default_server | default(false) %} default_server{% endif %};
    server_name {{ item.server_names | join(' ') }};

{% if item.acme_managed | default(true) %}
{% set certificate_name = item.certificate_name | default(item.server_names[0]) %}
{% set nginx_site_has_live_cert = nginx_acme_certificates_available[item.name] | default(false) %}
{% if nginx_site_has_live_cert %}
    ssl_certificate /etc/letsencrypt/live/{{ certificate_name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ certificate_name }}/privkey.pem;
{% else %}
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
{% endif %}
{% endif %}

    client_max_body_size 50m;

{% if item.static_root is defined %}
    root {{ item.static_root }};
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
{% else %}
{% for location in item.static_locations | default([]) %}
{% if location.path.endswith('/') %}
    location = {{ location.path[:-1] }} {
        return 301 {{ location.path }};
    }
{% endif %}
    location ^~ {{ location.path }} {
        alias {{ location.alias }};
{% if location.autoindex | default(false) %}
        autoindex on;
{% endif %}
    }
{% endfor %}
    location / {
        proxy_pass http://{{ item.upstream_host }}:{{ item.upstream_port }};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
{% if item.websocket | default(false) %}
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
{% endif %}
    }
{% endif %}
}
{% endif %}