{% if terminate_ssl %}
server{

    # {{ comment }}
    
    listen 10443 ssl;
    listen [::]:10443 ssl;

    {% if servernames %}server_name{% for s in servernames %} {{ s }}{% endfor %};{% endif %}

    {% if acme %}
    include acme-challenge.conf;
    {% else %}
    listen 80;
    listen [::]:80;
    {% endif %}


    {% if cert_optional %}
    ssl_client_certificate ca_cert.pem;
    {% if cert_non_optional %}
    ssl_verify_client on;
    {% else %}
    ssl_verify_client optional;
    {% endif %}
    ssl_verify_depth 1;
    {% endif %}
    
    {% if extra_location and not extra_location["location"] == "/" %}
    location {{ extra_location["location"] }} {
        {{ extra_location["content"] }}
        {% if extra_location["location-auth"] %}
        auth_basic "{{ extra_location["location-auth"] }}";
        auth_basic_user_file /etc/nginx/{{ extra_location["location-auth"] }}.htpasswd;
        {% endif %}
    }
    {% endif %}

    location / {    
        proxy_pass http://{{ targetip }}:{{ targetport }};
        proxy_set_header Host $http_host;
        {% if extra_location["location"] == "/" %}
        {{ extra_location["content"] }}
        {% endif %}
        {{ proxy_pass_blob }}
        {{ cert_header_line }}
        {% if basicauth %}
        auth_basic "{{ basicauth }}";
        auth_basic_user_file /etc/nginx/{{ basicauth }}.htpasswd;
        {% endif %}
    }
}
{% endif %}

server{

    # {{ comment }}
    
    listen 80;
    listen [::]:80;

    {% if include_subdomains %}
        {% if servernames %}
            server_name{% for s in servernames %} ~^.*{{ s.replace(".","\\.") }}{% endfor %};
        {% endif %}
    {% else %}
    {% if servernames %}server_name{% for s in servernames %} {{ s }}{% endfor %};{% endif %}
    {% endif %}


    {% if acme %}
    include acme-challenge.conf;
    return 301 https://$host$request_uri;
    {% else %}
    location / {
        {{ proxy_pass_blob }}
        proxy_pass http://{{ targetip }}:80;
    }
    {% endif %}

}