{% for x509 in vhosts_x509.results %}

{%- set vhost = x509.vhost -%}
{%- set ssl = vhost.ssl | default(false) -%}
{%- set php_fastcgi = vhost.php_fastcgi | default(false) -%}
{%- set frame_options = vhost.frame_options | default('SAMEORIGIN') -%}

server {

    listen
{%- if ssl %}
 {{ vhost.listen | default('443') }} ssl
{%- else %}
 {{ vhost.listen | default('80') }}
{%- endif -%}
{%- if vhost.default_server | default(false) %}
 default_server
{%- endif -%}
;

{% if vhost.server_name is defined %}
    server_name {{ vhost.server_name }};
{% endif %}

{% if ssl %}
    ssl_certificate "{{ x509.cert_path }}";
    ssl_certificate_key "{{ x509.key_path }}";
{% if vhost.strict_transport_security | default(false) %}
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
{% endif %}
{% endif %}

{% if vhost.root is defined %}
    root {{ vhost.root }};
{% endif %}

{% if vhost.index is defined %}
    index {{ vhost.index }};
{% else %}
    index {% if php_fastcgi %}index.php {% endif %}index.html;
{% endif %}

{% if vhost.error_page is defined %}
    error_page {{ vhost.error_page }};
{% endif %}
{% if vhost.access_log is defined %}
    access_log {{ vhost.access_log }};
{% endif %}
{% if vhost.error_log is defined %}
    error_log {{ vhost.error_log }} error;
{% endif %}

{% if frame_options %}
    add_header X-Frame-Options {{frame_options}};
{% endif %}

{% if vhost.return is defined %}
    return {{ vhost.return }};
{% endif %}

{% if php_fastcgi %}
    location ~ [^/]\.php(/|$) {
        # correctly handle request like /test.php/foo/blah.php or /test.php/
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        # check whether the *.php does indeed exist to prevent nginx
        # to feeding PHP FPM non php script file (like uploaded image)
        # (if instead of try_files due to nginx bug #321)
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        # Mitigate https://httpoxy.org/ vulnerabilities
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
{% endif %}

{% if vhost.extra_parameters is defined %}
    {{ vhost.extra_parameters|indent(4) }}
{% endif %}
}
{% endfor %}