{% include "_header_comment.conf" %}

{% if enabled %}
server {
  set $forward_scheme {{ forward_scheme }};
  set $server         "{{ forward_host }}";
  set $port           {{ forward_port }};

{% include "_listen.conf" %}
{% include "_certificates.conf" %}
{% include "_hsts.conf" %}
{% include "_forced_tls.conf" %}
{% include "_brotli.conf" %}
{% include "_access.conf" %}

  {% if block_exploits == 1 or block_exploits == true %}
  modsecurity on;
    {% if caching_enabled == 1 or caching_enabled == true -%}
    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf;
    {% else %}
    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
    {% endif %}
  {% endif %}

  include conf.d/include/acme-challenge.conf;
  include conf.d/include/block-exploits.conf;

{{ advanced_config }}

{% if use_default_location %}
  location / {
    include conf.d/include/acme-challenge.conf;

    {% if access_list_id > 0 %}
    {% if access_list.items.length > 0 %}
    {{ access_list.passauth }}
    {% endif %}
    {% endif %}

    {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
    proxy_set_header Upgrade            $http_upgrade;
    proxy_set_header Connection         $connection_upgrade;
    {% endif %}

    # Proxy!
    include conf.d/include/proxy.conf;
  }
{% endif %}

{{ locations }}

  # Custom
  include /data/nginx/custom/server_proxy.conf;
}
{% endif %}