# {{ domain_names | join: ", " }}
server {
  listen 80;
  {%- if ssl_enabled == 1 or ssl_enabled == true -%}
  listen 443 ssl;
  {%- endif %}
  server_name {{ domain_names | join: " " }};
  access_log /data/logs/proxy_host-{{ id }}.log proxy;

  set $server {{ forward_ip }};
  set $port   {{ forward_port }};

  {% if caching_enabled == 1 or caching_enabled == true -%}
  # Asset Caching
  include conf.d/include/assets.conf;
  {%- endif %}
  {% if block_exploits == 1 or block_exploits == true -%}
  # Block Exploits
  include conf.d/include/block-exploits.conf;
  {%- endif -%}

  {%- if ssl_enabled == 1 or ssl_enabled == true -%}
  {%- if ssl_provider == "letsencrypt" %}
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/proxy_host-{{ id }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/proxy_host-{{ id }}/privkey.pem;
  {%- endif -%}
  {%- endif %}

  # TODO: Advanced config options

  location / {
    {%- if access_list_id > 0 -%}
    # Access List
    auth_basic            "Authorization required";
    auth_basic_user_file  /config/access/{{ access_list_id }};
    {%- endif %}

    {%- if ssl_enabled == 1 or ssl_enabled == true -%}
    {%- if ssl_forced == 1 or ssl_forced == true -%}
    # Force SSL
    include conf.d/include/force-ssl.conf;
    {%- endif -%}
    {%- endif %}

    # Proxy!
    include conf.d/include/proxy.conf;
  }
}