upstream ${service_name} { least_conn; server ${upstream_host}; } %{for upstream in extra_upstreams~} upstream ${upstream.name} { least_conn; %{for server in upstream.servers~} server ${server}; %{endfor~} } %{endfor~} %{if !allow_non_ssl~} server { # Redirect non-ssl to ssl listen ${http_port}; listen [::]:${http_port}; server_name ${hostname}; return 301 https://$host$request_uri; } %{endif~} server { %{if allow_non_ssl~} # Non-SSL Traffic is allowed listen ${http_port~} listen [::]:${http_port}; %{endif~} # SSL Traffic is allowed listen ${https_port} ssl; listen [::]:${https_port} ssl; server_name ${hostname}; access_log /var/log/nginx/${hostname}.access.log; error_log /var/log/nginx/${hostname}.error.log; %{if enable_ssl~} ssl_certificate /etc/nginx/conf.d/${hostname}.crt; ssl_certificate_key /etc/nginx/conf.d/${hostname}.key; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers HIGH:!aNULL:!MD5; %{endif~} client_max_body_size 0; location / { %{if host_override != null~} proxy_set_header Host ${host_override}; %{else~} proxy_set_header Host $host; %{endif~} # Server to send the request on to proxy_pass http://${service_name}; # Standard headers setting origin data proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; %{if basic_auth != null~} # Http Basic Auth auth_basic "closed site"; auth_basic_user_file sites-enabled/${auth_file}; %{endif~} # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_cache_bypass $http_upgrade; proxy_buffering off; proxy_set_header Origin ""; # Proxy timeouts proxy_read_timeout ${timeout_seconds}; proxy_connect_timeout ${timeout_seconds}; proxy_send_timeout ${timeout_seconds}; } ${extra_locations} }