server {
  listen 80;
  listen [::]:80;

  server_name {{ item.domain }};

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name {{ item.domain }};

  ssl_certificate     {{ item.cert }};
  ssl_certificate_key {{ item.key }};

  include {{ item.ssl_conf }};

  root {{ item.root }};

  try_files $uri/index.html $uri @origin;

  location @origin {
    proxy_cache_bypass $http_upgrade;
    proxy_http_version 1.1;
    proxy_redirect     off;

{% if item.external %}
    proxy_set_header Connection        "upgrade";
    proxy_set_header HOST              $host;
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header X-Forwarded-For   $remote_addr;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP         $remote_addr;
{% else %}
    proxy_set_header Connection        "upgrade";
    proxy_set_header HOST              $http_host;
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header X-Forwarded-For   $http_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
{% endif %}

    proxy_pass http://{{ item.upstream }};
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}