server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    charset utf-8;
    server_tokens off;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    root /var/www/html;
    location / {
        index index.html;
        autoindex on;
        autoindex_exact_size off;
    }
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    charset utf-8;
    server_tokens off;

    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    root /var/www/html;
    location / {
        index index.html;
        autoindex on;
        autoindex_exact_size off;
    }

    location ^~ /metrics {
        set $metric_addr 127.0.0.1;
        proxy_pass http://$metric_addr:9100/metrics;

        allow 127.0.0.0/8;
        allow ::1/128;
{% for host in groups['ffmwu-monitoring'] %}
        allow {{ lookup('dig', host, 'qtype=A') }};
        allow {{ lookup('dig', host, 'qtype=AAAA') }};
        deny all;
{% endfor %}
    }
}