{{ ansible_header | comment }}

# Automatic Connection header for WebSocket support
# See http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

{% for site in reverseproxy.reverseproxy_sites %}
# Redirect http://{{ site.from }} to https://{{ site.from }}
server {
    listen 80;
    listen [::]:80;

    server_name {{ site.from }};

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header X-Real-Ip;

    location / {
        return 302 https://$host$request_uri;
    }
}

# Reverse proxify https://{{ site.from }} to {% if not site.to.startswith("http") %}http://{% endif %}{{ site.to }}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name {{ site.from }};

    # SSL common conf
    include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";

    # Log into separate log files
    access_log      /var/log/nginx/{{ site.from }}.log;
    error_log       /var/log/nginx/{{ site.from }}_error.log;

    # Keep the TCP connection open a bit for faster browsing
    keepalive_timeout 70;

    # Custom error page
    error_page  500 502 503 504  /50x.html;
    location = /50x.html {
        root /var/www/html;
    }

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header X-Real-Ip;

    location / {
        proxy_pass {% if not site.to.startswith("http") %}http://{% endif %}{{ site.to }};
        include "/etc/nginx/snippets/options-proxypass.conf";
    }
}

{% endfor %}