terraform-nginx/nginx-site-available/nginx_template.conf

upstream ${service_name} {
  least_conn;
  server ${upstream_host};
}
%{for upstream in extra_upstreams~}
upstream ${upstream.name} {
  least_conn;
%{for server in upstream.servers~}
  server ${server};
%{endfor~}
}
%{endfor~}

%{if !allow_non_ssl~}
server {
  # Redirect non-ssl to ssl
  listen                        ${http_port};
  listen                        [::]:${http_port};
  server_name                   ${hostname};
  return                        301 https://$host$request_uri;
}
%{endif~}

server {
%{if allow_non_ssl~}
  # Non-SSL Traffic is allowed
  listen                        ${http_port~};
  listen                        [::]:${http_port};
%{endif~}
%{if allow_ssl~}
  # SSL Traffic is allowed
  listen                        ${https_port} ssl;
  listen                        [::]:${https_port} ssl;
%{endif~}
  server_name                   ${hostname};
  access_log                    /var/log/nginx/${hostname}.access.log;
  error_log                     /var/log/nginx/${hostname}.error.log;

%{if enable_ssl~}
  ssl_certificate               /etc/nginx/conf.d/${hostname}.crt;
  ssl_certificate_key           /etc/nginx/conf.d/${hostname}.key;
  # ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers                 HIGH:!aNULL:!MD5;
%{endif~}

  client_max_body_size 0;

  location / {
%{if host_override != null~}
    proxy_set_header            Host ${host_override};
%{else~}
    proxy_set_header            Host $host;
%{endif~}

    # Server to send the request on to
    proxy_pass                  http://${service_name};

    # Standard headers setting origin data
    proxy_set_header            X-Real-IP $remote_addr;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-Proto $scheme;

%{if basic_auth != null~}
    # Http Basic Auth
    auth_basic                  "closed site";
    auth_basic_user_file        sites-enabled/${auth_file};
%{endif~}

    # WebSocket support
    proxy_http_version          1.1;
    proxy_set_header            Upgrade $http_upgrade;
    proxy_set_header            Connection "Upgrade";
    #proxy_set_header            Host $host;
    proxy_cache_bypass          $http_upgrade;
    proxy_buffering             off;
    proxy_set_header            Origin "";

    # Proxy timeouts
    proxy_read_timeout          ${timeout_seconds};
    proxy_connect_timeout       ${timeout_seconds};
    proxy_send_timeout          ${timeout_seconds};
  }

${extra_locations}
}