server { listen ${http_port}; %{ if tls ~} listen ${https_port} ssl; ssl_certificate /etc/ssl/certs/private/tls.crt; ssl_certificate_key /etc/ssl/certs/private/tls.key; ssl_protocols TLSv1.2 TLSv1.3; %{ endif ~} server_name ${fqdn}; %{ if custom_snippet != "" ~} ${custom_snippet} %{ endif ~} %{ if auth ~} location = /auth { internal; proxy_pass http://localhost:5000/; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header Authorization $http_authorization; } %{ endif } %{ for l in locations ~} location ${l.path} { %{ if l.private ~} auth_request /auth; %{ endif ~} %{ if l.rewrite != "" ~} rewrite ${l.rewrite}; %{ endif ~} proxy_pass %{ if l.upstream != "" ~}${l.upstream}%{ else ~}${upstream}%{ endif ~}; proxy_http_version 1.1; %{ for k,v in l.headers ~} proxy_set_header ${k} ${v}; %{ endfor ~} } %{ endfor ~} }