auth_request /auth;
error_page 401 = @error401;

location /auth {
    internal;

    proxy_pass 127.0.0.1:{{ item.value.port }}/auth;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Origin-URI $request_uri;
    proxy_set_header X-Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location @error401 {
    return 302 {{ item.value.login_url }}?redir=$scheme://$http_host$request_uri;
}