# used for websockets
# set http_connection to either upgrade or close (as normal)
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name {{ item.value.hostnames | join(' ') }};

    include snippets/acmetool.conf;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ item.value.hostnames | join(' ') }};

    include snippets/acmetool.conf;
    include snippets/ssl.conf;
    ssl_certificate     /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
    ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
    include snippets/hsts.conf;

    location / {
        proxy_buffering off;
        proxy_ignore_headers "X-Accel-Buffering";
        proxy_request_buffering off;
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # for websockets
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_pass {{ item.value.proxy_pass }};
    }
}