# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "default" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
    {% if not webserver_tls %}
	location "/pub/*" {
		directory auto index
	}
    {% endif %}
    {% if webserver_tls %}
	location * {
		block return 302 "https://$HTTP_HOST$REQUEST_URI"
	}
    {% endif %}
}

{% if st_tls.results.0.stat.exists and st_tls.results.1.stat.exists and webserver_tls %}
server "default" {
	listen on * tls port 443
	tls {
		certificate "{{ webserver_tls_certificate }}"
		key "{{ webserver_tls_key }}"
	}
	location "/pub/*" {
		directory auto index
	}
	location "/restricted/*" {
		directory auto index
        authenticate "{{ webserver_fqdn }}" with "{{ webserver_htpasswd_file[ansible_distribution|lower].chroot_path }}"
	}
    location "*" {
        block
    }
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}
{% endif %}