diff --git a/nginx.tmpl b/nginx.tmpl
index 31ffd9b..8a8de27 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -73,22 +73,22 @@ proxy_set_header Proxy "";
 
 {{ $enable_ipv6 := eq (or ($.Env.ENABLE_IPV6) "") "true" }}
 server {
+	server_name _; # This is just an invalid value which will never trigger on a real hostname.
 	listen 80;
 	{{ if $enable_ipv6 }}
 	listen [::]:80;
 	{{ end }}
-	server_name _; # This is just an invalid value which will never trigger on a real hostname.
 	access_log /var/log/nginx/access.log vhost;
 	return 503;
 }
 
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
+	server_name _; # This is just an invalid value which will never trigger on a real hostname.
 	listen 443 ssl http2;
 	{{ if $enable_ipv6 }}
 	listen [::]:443 ssl http2;
 	{{ end }}
-	server_name _; # This is just an invalid value which will never trigger on a real hostname.
 	access_log /var/log/nginx/access.log vhost;
 	return 503;
 
@@ -165,22 +165,22 @@ upstream {{ $upstream_name }} {
 
 {{ if eq $https_method "redirect" }}
 server {
+	server_name {{ replace $host_list "," " " -1 }};
 	listen 80 {{ $default_server }};
 	{{ if $enable_ipv6 }}
 	listen [::]:80 {{ $default_server }};
 	{{ end }}
-	server_name {{ replace $host_list "," " " -1 }};
 	access_log /var/log/nginx/access.log vhost;
 	return 301 https://$host$request_uri;
 }
 {{ end }}
 
 server {
-  listen 443 ssl http2 {{ $default_server }};
+	server_name {{ replace $host_list "," " " -1 }};
+	listen 443 ssl http2 {{ $default_server }};
 	{{ if $enable_ipv6 }}
 	listen [::]:443 ssl http2 {{ $default_server }};
 	{{ end }}
-	server_name {{ replace $host_list "," " " -1 }};
 	access_log /var/log/nginx/access.log vhost;
 
 	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -232,11 +232,11 @@ server {
 {{ if or (not $is_https) (eq $https_method "noredirect") }}
 
 server {
+	server_name {{ replace $host_list "," " " -1 }};
 	listen 80 {{ $default_server }};
 	{{ if $enable_ipv6 }}
 	listen [::]:80 {{ $default_server }};
 	{{ end }}
-	server_name {{ replace $host_list "," " " -1 }};
 	access_log /var/log/nginx/access.log vhost;
 
 	{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
@@ -266,11 +266,11 @@ server {
 
 {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
+	server_name {{ replace $host_list "," " " -1 }};
 	listen 443 ssl http2 {{ $default_server }};
 	{{ if $enable_ipv6 }}
 	listen [::]:443 ssl http2 {{ $default_server }};
 	{{ end }}
-	server_name {{ replace $host_list "," " " -1 }};
 	access_log /var/log/nginx/access.log vhost;
 	return 500;