server {
        <% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
        listen 443 ssl;
        <% else -%>
        listen 80;
        <% end -%>
        server_name <%= @server_name %>;

        access_log   /var/log/nginx/<%= @server_name %>.access.log;
        error_log    /var/log/nginx/<%= @server_name %>.error.log;

        root <%= @docroot %>;
        index index.php;

        client_max_body_size 20M;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                try_files $uri =404;
                include fastcgi_params;
                fastcgi_pass 127.0.0.1:9002;
                fastcgi_param  SCRIPT_FILENAME  <%= @docroot %>$fastcgi_script_name;
                # Remove the HTTP_PROXY parameter, protect from the HTTPoxy vulnerability
                # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
                fastcgi_param HTTP_PROXY "";
        }

        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
        <% if node.chef_environment != "development" && File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
        ssl_certificate <%= @ssl_cert %>;
        ssl_certificate_key <%= @ssl_key %>;
        <% end -%>
}