#
# Managed by CFEengine
#

	
{{^vars.nginx_vhost.site.ssl}}
server {
	listen *:80;
	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};
	root {{vars.nginx_vhost.site.doc_root}};

	location ^~ /.well-known/acme-challenge/ {
		alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
		try_files $uri $uri/ =404;
	}
}
{{/vars.nginx_vhost.site.ssl}}
	
	
{{#vars.nginx_vhost.site.ssl}}

server {
	listen *:80;

	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};

        location ^~ /.well-known/acme-challenge/ {
                alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
                try_files $uri $uri/ =404;
        }

	return       301 https://{{vars.nginx_vhost.site.domain}}$request_uri;
}


server {
	listen *:443;
	ssl on;


	server_name {{vars.nginx_vhost.site.domain}} {{#vars.nginx_vhost.site.aliases}}{{.}} {{/vars.nginx_vhost.site.aliases}};

        location ^~ /.well-known/acme-challenge/ {
                alias {{vars.nginx.default_html_dir}}/.well-known/acme-challenge/;
                try_files $uri $uri/ =404;
        }

	ssl_certificate           {{vars.nginx_vhost.ssl_cert}};
	ssl_certificate_key       {{vars.nginx_vhost.ssl_key}};

#	ssl_dhparam               /etc/nginx/dhparam.pem;

	root {{vars.nginx_vhost.site.doc_root}};

}


{{/vars.nginx_vhost.site.ssl}}