added support for includes and auths, extended docu

templates/maps.conf.j2

@@ -0,0 +1,10 @@
+{% for map in nginx.maps %}
+{% set m = nginx.maps[map] %}
+# {{ map }}
+map ${{ m.source }} ${{ m.destination }} {
+{% for i in m.data %}
+	'{{ i }}' '{{ m.data[i] }}';
+{% endfor %}
+}
+
+{% endfor %}

templates/ssl_files.conf.j2

@@ -1,8 +1,6 @@
-{% if nginx.serverpki %}
 # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
 ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
-{% endif %}
 
 # verify chain of trust of OCSP response using Root CA and Intermediate certs
 ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

templates/vhost.conf.j2

@@ -32,7 +32,7 @@ server {
 		proxy_pass {{ vhost.backend }};
 
 		# add proxy headers
-		proxy_set_header  Host $host;
+		proxy_set_header  Host			{% if 'host' in vhost %}"{{ vhost.host }}"{% else %}$host{% endif %};
 		proxy_set_header  X-Real-IP		$remote_addr;
 		proxy_set_header  X-Forwarded-For	$proxy_add_x_forwarded_for;
 		proxy_set_header  X-Forwarded-Proto	$scheme;
@@ -61,8 +61,19 @@ server {
 	}
 	{% endfor %}
 
+	{% if vhost.auth.enable|default(False) %}
+	auth_basic           "restricted area";
+	auth_basic_user_file {{ vhost.auth.path }}; 
+	satisfy {{ vhost.auth.satisfy|d('all') }};
+	{% endif %}
+
+
+	{% for include in vhost.includes|default([]) %}
+	include {{ include }};
+	{% endfor %}
+
 	{% if vhost.letsencrypt|d(False) %}
-		ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
-		ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
+	ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
+	ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
 	{% endif %}
 }