server {
  listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %>
  server_name           <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
<% if defined? @auth_basic -%>
  auth_basic           "<%= @auth_basic %>";
<% end -%>
<% if defined? @auth_basic_user_file -%>
  auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<% if defined? @client_max_body_size -%>
  client_max_body_size <%= @client_max_body_size %>;
<% end -%>
<%# make sure that allow comes before deny by forcing the allow key (if it -%>
<%# exists) to be first in the output order.  The hash keys also need to be -%>
<%# sorted so that the ordering is stable. -%>
<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% Array(value).each do |sub| -%>
  <%= key %> <%= sub %>;
<% end %>
<% end -%><% end -%>
<% if @root -%>
  root <%= @root %>;
<% end -%>
<% if @passenger_cgi_param -%><% @passenger_cgi_param.keys.sort.each do |key| -%>
  passenger_set_cgi_param  <%= key %> <%= @passenger_cgi_param[key] %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%>
  proxy_set_header        <%= header %>;
<% end -%>
<% if @add_header -%><% @add_header.each do |key,value| -%>
  add_header              <%= key %> <%= value %>;
<% end -%><% end -%>
<% if @rewrite_to_https -%>
  if ($ssl_protocol = "") {
       return 301 https://$host$request_uri;
  }
<% end -%>
<% if @index_files.count > 0 -%>
    index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
<% end -%>

  access_log            <%= @access_log_real %>;
  error_log             <%= @error_log_real %>;