{% include "_header_comment.conf" %}

{% if enabled %}
server {
  set $forward_scheme {{ forward_scheme }};
  set $server         "{{ forward_host }}";
  set $port           {{ forward_port }};

{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_assets.conf" %}
{% include "_exploits.conf" %}
{% include "_hsts.conf" %}
{% include "_forced_ssl.conf" %}

{% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
{% endif %}

  access_log /data/logs/proxy-host-{{ id }}_access.log proxy;
  error_log /data/logs/proxy-host-{{ id }}_error.log warn;

{{ advanced_config }}

{{ locations }}

{% if use_default_location %}

  location / {

    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};

    {{ access_list.passauth }}
    {% endif %}

    # Access Rules
    {% for client in access_list.clients %}
    {{- client.rule -}};
    {% endfor %}deny all;

    # Access checks must...
    {% if access_list.satisfy %}
    {{ access_list.satisfy }};
    {% endif %}

    {% endif %}

{% include "_hsts.conf" %}

    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    {% endif %}

    # Proxy!
    include conf.d/include/proxy.conf;
  }
{% endif %}

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}
{% endif %}