upstream {{ backendName }} {
  least_conn;
{% for backend in backends %}
  server {{ backend }};
{% endfor %}
}
server {
{% if allowNonSSL %}
  # Non-SSL Traffic is allowed
  listen                        {{ portHttp }};
  listen                        [::]:{{ portHttp }};
{% endif %}
  # SSL Traffic is allowed
  listen                        {{ portHttps }} ssl;
  listen                        [::]:{{ portHttps }} ssl;
  server_name                   {{ serverName }};
  access_log                    /var/log/bouncer/{{ name }}.access.log;
  error_log                     /var/log/bouncer/{{ name }}.error.log;

{% if certType == 'TEMPORARY_CERT' %}
  ssl_certificate               /certs/example.crt;
  ssl_certificate_key           /certs/example.key;
{% elseif certType == 'GLOBAL_CERT' %}
  ssl_certificate               /certs/global.crt;
  ssl_certificate_key           /certs/global.key;
{% elseif certType == 'CUSTOM_CERT' %}
  ssl_certificate               /etc/nginx/sites-enabled/{{ customCertFile }};
  ssl_certificate_key           /etc/nginx/sites-enabled/{{ customCertKeyFile }};
{% elseif certType == 'LETSENCRYPT_CERT' %}
  ssl_certificate               /etc/letsencrypt/live/{{ name }}/fullchain.pem;
  ssl_certificate_key           /etc/letsencrypt/live/{{ name }}/privkey.pem;
{% endif %}
  # ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers                 HIGH:!aNULL:!MD5;

{% if allowLargePayloads %}
  client_max_body_size 0;
{% endif %}

  location / {
{% if hasHostOverride %}
    proxy_set_header            Host {{ hostOverride }};
{% else %}
    proxy_set_header            Host $host;
{% endif %}

    # Server to send the request on to
    proxy_pass                  "http://{{ backendName }}";

    # Standard headers setting origin data
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-Proto $scheme;

{% if hasAuth %}
    # Http Basic Auth
    auth_basic                  "closed site";
    auth_basic_user_file        sites-enabled/{{ authFile }};
{% endif %}

{% if allowWebsocketSupport %}
    # WebSocket support
    proxy_http_version          1.1;
    proxy_set_header            Upgrade $http_upgrade;
    proxy_set_header            Connection "Upgrade";
    proxy_cache_bypass          $http_upgrade;
    proxy_buffering             off;
    proxy_set_header            Origin "";
{% endif %}

{% if proxyTimeoutSeconds %}
    # Proxy timeouts
    proxy_read_timeout          {{ proxyTimeoutSeconds }};
    proxy_connect_timeout       {{ proxyTimeoutSeconds }};
    proxy_send_timeout          {{ proxyTimeoutSeconds }};
{% endif %}
  }
}

{% if not allowNonSSL %}
server {
  # Redirect non-ssl to ssl
  listen                        {{ portHttp }};
  listen                        [::]:{{ portHttp }};
  server_name                   {{ serverName }};
  return                        301 https://$host$request_uri;
}
{% endif %}