|CUSTOM1|
|?DOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/private_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/opt/alt/php`PHP1_RELEASE`/usr/share/pear/:/dev/urandom:/usr/local/lib/php/|
|?HOST_DOMAIN=`DOMAIN`|
|*if HOST_POINTER|
|?HOST_DOMAIN=`HOST_POINTER`|
|*endif|
server
{
|CUSTOM|
|?SDOCROOT=`DOCROOT`/`SUB`|

	listen |IP|:|PORT_443| ssl;
	http2 on;
	|MULTI_IP|

	server_name |SUB|.|HOST_DOMAIN| www.|SUB|.|HOST_DOMAIN|;

	access_log /var/log/nginx/domains/|DOMAIN|.|SUB|.log;
	access_log /var/log/nginx/domains/|DOMAIN|.|SUB|.bytes bytes;
	error_log /var/log/nginx/domains/|DOMAIN|.|SUB|.error.log;

	root "|SDOCROOT|";

	index index.php index.html index.htm;

	ssl_certificate |CERT|;
	ssl_certificate_key |KEY|;

	|NGINX_PHP_CONF|

	|FORCE_SSL_REDIRECT|

|*if AUTO_SECURITY_TXT="ON"|
    # Automatic security.txt (RFC 9116)
    location = "/.well-known/security.txt" {
        proxy_pass http://unix:/usr/local/directadmin/shared/internal.sock;
        proxy_set_header X-Forwarded-For  $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
    }
|*endif|

|*if HAVE_NGINX_PROXY="1"|
	location /
	{
|CUSTOM2|
		# access_log off;
		proxy_buffering |PROXY_BUFFERING|;
		proxy_pass https://|PROXY_IP|:|PORT_8081|;
		proxy_set_header X-Client-IP      $remote_addr;
		proxy_set_header X-Accel-Internal /nginx_static_files;
		proxy_set_header Host             $host;
		proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
		proxy_hide_header Upgrade;
	}
	location /nginx_static_files/
	{
		# access_log  /var/log/nginx/access_log_proxy;
		alias       "|SDOCROOT|/";
		internal;
	}
|*else|
|NGINX_REDIRECTS|
|HOTLINK_PROTECTION|
|*endif|

|CUSTOM3|
	include /etc/nginx/webapps.ssl.conf;

|*if HAVE_NGINX_PROXY!="1"|
|LOCATION_BLOCKS|
|EXTRA_LOCATIONS|
|*endif|

|MOD_SECURITY_RULES|

|CUSTOM4|
}