# {{ ansible_managed }}

# Invidious Instance Proxy
server {
    
    	server_name invidious.{{ domain_name }} www.invidious.{{ domain_name }};
        
    	location / {
        	proxy_pass http://10.0.0.3:3000;
		proxy_set_header X-Forwarded-For $remote_addr;
        	proxy_set_header Host $host;    # so Invidious knows domain
        	proxy_http_version 1.1;     # to keep alive
        	proxy_set_header Connection ""; # to keep alive
        	include proxy_params;
    	}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

# Mail Server Frontend
#server {
#        # SSL configuration
#        #
#        # listen 443 ssl default_server;
#        # listen [::]:443 ssl default_server;
#        #
#        # Note: You should disable gzip for SSL traffic.
#        # See: https://bugs.debian.org/773332
#        #
#        # Read up on ssl_ciphers to ensure a secure configuration.
#        # See: https://bugs.debian.org/765782
#        #
#        # Self signed certs generated by the ssl-cert package
#        # Don't use them in a production server!
#        #
#        # include snippets/snakeoil.conf;
#       
#        root /var/www/html;
#
#        # Add index.php to the list if you are using PHP
#        index index.html index.htm index.nginx-debian.html;
#
#        server_name mail.{{ domain_name }} www.mail.{{ domain_name }};
#
#        location / {
#                # First attempt to serve request as file, then
#                # as directory, then fall back to displaying a 404.
#                try_files $uri $uri/ =404;
#        }
#
#        # pass PHP scripts to FastCGI server
#        #
#        #location ~ \.php$ {
#        #       include snippets/fastcgi-php.conf;
#        #
#        #       # With php-fpm (or other unix sockets):
#        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
#        #       # With php-cgi (or other tcp sockets):
#        #       fastcgi_pass 127.0.0.1:9000;
#        #}
#
#        # deny access to .htaccess files, if Apache's document root
#        # concurs with nginx's one
#        #
#        #location ~ /\.ht {
#        #       deny all;
#        #}
#
#    listen [::]:443 ssl; # managed by Certbot
#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/mail.{{ domain_name }}/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/mail.{{ domain_name }}/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#
#
#}

server {
    if ($host = www.invidious.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = invidious.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    	listen 80;
    	listen [::]:80;
    
    	server_name invidious.{{ domain_name }} www.invidious.{{ domain_name }};
    return 404; # managed by Certbot




}
#server {
#    if ($host = www.mail.{{ domain_name }}) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#
#    if ($host = mail.{{ domain_name }}) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#
#
#    	listen 80;
#   	listen [::]:80;
#
#        server_name mail.{{ domain_name }} www.mail.{{ domain_name }};
#    return 404; # managed by Certbot
#
#
#
#
#}