# {{ ansible_managed }} server { listen 80; {% if ansible_all_ipv6_addresses | length %} listen [::]:80; {% endif %} server_name {{ dl_server_name }}; access_log {{ dl_access_log }} main; error_log {{ dl_error_log }} warn; location /.well-known/acme-challenge/ { root /var/www/html; try_files $uri =404; } {% if dl_ssl_enabled is defined and dl_ssl_enabled %} location / { return 301 https://$server_name$request_uri; } {% endif %} } {% if dl_ssl_enabled is defined and dl_ssl_enabled %} server { listen 443 ssl; {% if ansible_all_ipv6_addresses | length %} listen [::]:443 ssl; {% endif %} http2 on; server_name {{ dl_server_name }}; access_log {{ dl_access_log }} main; error_log {{ dl_error_log }} warn; root {{ dl_server_root }}; {% if dl_ssl_certificate is defined %} ssl_certificate {{ dl_ssl_certificate }}; {% endif %} {% if dl_ssl_certificate_key is defined %} ssl_certificate_key {{ dl_ssl_certificate_key }}; {% endif %} {% if dl_ssl_dhparam is defined %} ssl_dhparam {{ dl_ssl_dhparam }}; {% endif %} location / { add_header Alt-Svc 'h3=":$server_port"; ma=86400'; } location ~ ^\/~(.+?)(\/.*)?$ { alias /home/$1/public_html$2; index index.html index.htm; autoindex on; auth_basic "Files"; auth_basic_user_file /home/$1/.htpasswd; } location /repo/ { root /var/www/html; autoindex on; try_files $uri $uri/ =404; } } {% endif %}