{%- include "_header_comment.conf" %}

{%- if enabled %}
server {
  set $forward_scheme {{ forward_scheme }};
  set $server         "{{ forward_host }}";
  set $port           {{ forward_port }};

{%- include "_listen.conf" %}
{%- include "_certificates.conf" %}
{%- include "_hsts.conf" %}
{%- include "_forced_tls.conf" %}
{%- include "_brotli.conf" %}
{%- include "_access.conf" %}

  {%- if block_exploits %}
  modsecurity on;
    {%- if caching_enabled %}
    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf;
    {%- else %}
    modsecurity_rules_file /usr/local/nginx/conf/conf.d/include/modsecurity.conf;
    {%- endif %}
  {%- endif %}

  include conf.d/include/always.conf;

  {%- if access_list_id > 0 %}
  {%- if access_list.items.length > 0 %}
  {{ access_list.passauth }}
  {%- endif %}
  {%- endif %}

{{ advanced_config }}

# custom locations
{{ locations }}

{%- if use_default_location %}
  location / {
    include conf.d/include/always.conf;

    {%- if allow_websocket_upgrade %}
    proxy_set_header Upgrade            $http_upgrade;
    proxy_set_header Connection         $connection_upgrade;
    {%- endif %}

    # Proxy!
    include conf.d/include/proxy.conf;
  }
{%- endif %}

  # Custom
  include /data/nginx_custom/server_proxy.conf;
}
{%- endif %}