server {
    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
    root /usr/local/www/cgit;
    try_files $uri @cgit;

    location @cgit {
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME /usr/local/www/cgit/cgit.cgi;
          fastcgi_param PATH_INFO $uri;
          fastcgi_param QUERY_STRING $args;
          fastcgi_param HTTP_HOST $server_name;
          fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/local/www/nginx-dist;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
    ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
    if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen       80;
    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
    return 404; # managed by Certbot
}