sce/roles/nginx/templates/nginx-server.j2

# {{ ansible_managed }}
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name {{ site_name }};

  ssl_certificate {{ sce_nginx_certificate_path }}/{{ site_name }}/fullchain.pem;
  ssl_certificate_key {{ sce_nginx_certificate_path }}/{{ site_name }}/privkey.pem;

{% if auth %}
  auth_basic "SCE";
  auth_basic_user_file /etc/nginx/passwdfile;
{% endif %}

  location / {
    proxy_pass http://127.0.0.1:{{ site_port }};
  }
}