server "{{ inventory_hostname }}" {
    listen on * port 80
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI"
    }
}

{% for vhost in lookup('vars', inventory_hostname + '_domains') %}
server "{{ vhost }}" {
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/{{ vhost }}.fullchain.pem"
        key "/etc/ssl/private/{{ vhost }}.key"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
    location * {
        root "/vhosts/{{ vhost }}"
    }
}
{% endfor %}