server { listen ${http_port}; %{ if tls ~} listen ${https_port} ssl; ssl_certificate /etc/ssl/certs/private/tls.crt; ssl_certificate_key /etc/ssl/certs/private/tls.key; ssl_protocols TLSv1.2 TLSv1.3; %{ endif ~} server_name ${fqdn}; # Custom error page for upstream errors %{ for e in errors ~} error_page ${e} /errors/${e}.html; location = /errors/${e}.html { root /usr/share/nginx/html; internal; } %{ endfor ~} %{ if custom_snippet != "" ~} ${custom_snippet} %{ endif ~} %{ if auth ~} location = /auth { internal; proxy_pass http://localhost:5000/; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header Authorization $http_authorization; } %{ endif } %{ for l in locations ~} location ${l.path} { %{ if l.resolver == "" ~} %{ if resolver != "" ~} resolver ${resolver}; %{ endif ~} %{ else ~} resolver ${l.resolver}; %{ endif ~} %{ if l.private ~} auth_request /auth<; %{ endif ~} set $upstream "%{ if l.upstream != "" ~}${l.upstream}%{ else ~}${upstream}%{ endif ~}"; %{ if l.rewrite != "" ~} rewrite ${l.rewrite}; %{ endif ~} proxy_pass $upstream; proxy_connect_timeout ${connect_timeout}; proxy_read_timeout ${read_timeout}; proxy_send_timeout ${send_timeout}; proxy_http_version 1.1; %{ for k,v in l.headers ~} proxy_set_header ${k} ${v}; %{ endfor ~} proxy_intercept_errors on; } %{ endfor ~} }