server {
  listen        443 default ssl;
  server_name %%domain_name_eth0;

  ssl_certificate              /etc/pki/tls/certs/nginx.crt;
  ssl_certificate_key          /etc/pki/tls/private/nginx.key;
  ssl_client_certificate       /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;

  error_page   403 404 502 503 504  /error.html;
  location = /error.html{
    root /var/www/html;
  }

  add_header                    X-Frame-Options "SAMEORIGIN";
  add_header                    X-Content-Type-Options nosniff;
  add_header                    X-XSS-Protection "1; mode=block";
  add_header                    X-Robots-Tag none;
  add_header                    X-Download-Options noopen;
  add_header                    X-Permitted-Cross-Domain-Policies none;
  add_header                    Strict-Transport-Security 'max-age=31536000; includeSubDomains;';
  add_header                    Referrer-Policy no-referrer always;

%for %%location in %%nginx_locations
  location %%location {
%if %%location == '/'
    root                        %slurp
%else
    alias                       %slurp
%end if
%%nginx_root_directory;
%if not %%getVar('php_fpm_installed', False)
    index                       index.html;
%else
    index                       index.php;
    location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
      fastcgi_pass              php-fpm;
      fastcgi_index             index.php;
      fastcgi_param             SCRIPT_FILENAME $request_filename;
      include                   fastcgi_params;
    }
%end if
  }
%end for
}