{#- Access mode for the HTTPS vhost. The default "blocked" suppresses the catch-all
    proxy location in the 443 server block (see the `auth != "blocked"` test there).
    NOTE(review): the mode is read from pillar['nginx'][server]['auth'] under an
    ['https'] guard, while the HTTP section reads ['https']['auth']; confirm which
    pillar layout is the intended one. -#}
{%- set auth = "blocked" -%}
{%- if pillar['nginx'][server]['https'] is defined -%}
  {%- if pillar['nginx'][server]['auth'] is defined-%}
    {%- set auth = pillar['nginx'][server]['auth'] -%}
  {%- endif -%}
{%- endif -%}

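server {
    # TLS is enabled through the "ssl" listen parameter. The standalone
    # "ssl on;" directive was deprecated in nginx 1.15.0 and removed in 1.25.1,
    # where it makes the configuration fail to load.
    listen 443 ssl;
    server_name {{server}}.actcur.com;

    # The proxy_pass targets below are variables, so nginx resolves their
    # hostnames at request time through this resolver.
    # NOTE(review): $backend uses the same hostname as server_name; the resolver
    # must answer with the backend's address, not this proxy's. Confirm.
    resolver {{resolver}};
    set $backend "https://{{server}}.actcur.com";
    set $certbot "https://salt.actcur.com";

    # NOTE(review): this server block is rendered whether or not an 'https'
    # pillar entry exists, so these certificate files must be present for every
    # rendered host. No ssl_protocols/ssl_ciphers are set here, so nginx
    # defaults apply unless they are configured at a higher level. Confirm.
    ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/cert.pem;
    ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
    ssl_session_cache shared:SSL:10m;

    # Shared access-control snippet; presumably keyed on the `auth` value set at
    # the top of this template (its contents are not visible here).
    {% include 'roles/maintain/nginx-proxy/auth.conf' %}

    # ACME HTTP-01 challenge requests are forwarded to the certbot host.
    # NOTE(review): proxy_ssl_verify defaults to off, so the upstream
    # certificate is not validated for either https:// proxy target. Confirm
    # that is acceptable on this network.
    location /.well-known/acme-challenge/ {
      proxy_pass $certbot;
      proxy_set_header Host $host;
    }

{%- if auth != "blocked" %}

    # Rendered only when an access mode is configured; with auth == "blocked"
    # no catch-all proxy location is emitted for this host.
    location / {
        proxy_pass $backend;
        proxy_set_header Host $host;

        # Rewrite upstream redirects that point at http:// to https://,
        # example: /home
        proxy_redirect http:// https://;
    }
{%- endif %}
}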

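{%- if pillar['nginx'][server]['http'] is defined-%}
  {#- Test the parent key first: with Jinja's default Undefined, subscripting a
      missing 'https' entry raises at render time instead of evaluating to false. -#}
  {%- if pillar['nginx'][server]['https'] is defined and pillar['nginx'][server]['https']['auth'] is defined-%}
    {%- set auth = pillar['nginx'][server]['https']['auth'] -%}
  {%- else -%}
    {%- set auth = "blocked" -%}
  {%- endif -%}
  {#- NOTE(review): `auth` is computed above but never used in this server block.
      Unlike the 443 vhost, it neither includes auth.conf nor makes "location /"
      conditional on `auth != "blocked"`, so the backend is proxied over cleartext
      HTTP without the access policy applied on HTTPS. Confirm this is intended;
      otherwise apply the same gating here or redirect port 80 to HTTPS. The lookup
      also reads ['https']['auth'] under an ['http'] guard; confirm the key. -#}
server {
    listen 80;
    server_name {{server}}.actcur.com;

    # The proxy_pass targets below are variables, so nginx resolves their
    # hostnames at request time through this resolver.
    resolver {{resolver}};
    set $backend "http://{{server}}.actcur.com";
    set $certbot "http://salt.actcur.com";

    # ACME HTTP-01 challenge requests are forwarded to the certbot host.
    location /.well-known/acme-challenge/ {
      proxy_pass $certbot;
      proxy_set_header Host $host;
    }

    location / {
        proxy_pass $backend;
        proxy_set_header Host $host;

        # Rewrite upstream redirects that point at https:// to http://,
        # example: /home
        proxy_redirect https:// http://;
    }
}
{%- endif -%}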