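# nginx virtual host for a PHP application served through FastCGI (ERB template).
# The TLS-specific parts are rendered only when both the certificate and the
# key file exist on the node at template-render time.
server {
    listen 80;
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
    listen <%= @server_port %> ssl http2;
<% end -%>
    server_name <%= @server_name %> <%= @server_aliases.join(" ") %>;

    access_log /var/log/nginx/<%= @server_name %>.access.log;
    error_log  /var/log/nginx/<%= @server_name %>.error.log;

    # Upper bound on the request body nginx accepts (uploads, POST data).
    client_max_body_size 20m;

    root  <%= @docroot %>;
    index index.php;

<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
    # Redirect every plain-HTTP request to HTTPS at server level.
    # The redirect previously lived inside "location /", so requests matched by
    # the "\.php$" location were still answered over unencrypted HTTP.
    # $ssl_protocol is empty on connections that did not negotiate TLS.
    # NOTE(review): the target uses the default HTTPS port; confirm that
    # @server_port is 443, otherwise the redirect lands on the wrong port.
    # NOTE(review): $host comes from the request's Host header when this block
    # is the default server for port 80; confirm that is acceptable here.
    if ($ssl_protocol = "") {
        return 301 https://$host$request_uri;
    }

    # HSTS: max-age of 15768000 seconds (about six months), subdomains included.
    # "always" attaches the header to error responses as well, not only to
    # successful ones.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    ssl_certificate     <%= @ssl_cert %>;
    ssl_certificate_key <%= @ssl_key %>;

<% end -%>
    # Front-controller routing: serve the file or directory if it exists,
    # otherwise hand the request to index.php with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Only pass scripts that exist under the docroot to PHP; anything else
        # is answered with 404 by nginx and never reaches the interpreter.
        try_files $uri =404;

        include       fastcgi_params;
        fastcgi_pass  127.0.0.1:9001;
        fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name;

        # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
        # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
        fastcgi_param HTTP_PROXY "";
    }
}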