# {{ ansible_managed }}

server {
    listen 80;
{% if ansible_all_ipv6_addresses | length %}
    listen [::]:80;
{% endif %}
    server_name {{ dl_server_name }};

    access_log {{ dl_access_log }} main;
    error_log {{ dl_error_log }} warn;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
        try_files $uri =404;
    }

{% if dl_ssl_enabled is defined and
      dl_ssl_enabled %}
    location / {
        return 301 https://$server_name$request_uri;
    }
{% endif %}
}

{% if dl_ssl_enabled is defined and
      dl_ssl_enabled %}
server {
    listen 443 ssl;
{% if ansible_all_ipv6_addresses | length %}
    listen [::]:443 ssl;
{% endif %}

    http2 on;

    server_name {{ dl_server_name }};
    access_log {{ dl_access_log }} main;
    error_log {{ dl_error_log }} warn;

    root {{ dl_server_root }};

{% if dl_ssl_certificate is defined %}
    ssl_certificate {{ dl_ssl_certificate }};
{% endif %}
{% if dl_ssl_certificate_key is defined %}
    ssl_certificate_key {{ dl_ssl_certificate_key }};
{% endif %}
{% if dl_ssl_dhparam is defined %}
    ssl_dhparam {{ dl_ssl_dhparam }};
{% endif %}

    location / {
        add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    }

    location ~ ^\/~(.+?)(\/.*)?$ {
        alias /home/$1/public_html$2;
        index index.html index.htm;
        autoindex on;
        auth_basic "Files";
        auth_basic_user_file /home/$1/.htpasswd;
    }

    location /repo/ {
        root /var/www/html;
        autoindex on;
        try_files $uri $uri/ =404;
    }
}
{% endif %}