# {{ ansible_managed }}

server {
    # Shared settings for the plain-HTTP vhosts (snippet contents are not
    # visible from this template).
    include "snippets/proxy-common.conf";

    # Server name(s) this vhost answers for.
    server_name {{ item.from }};

    # Permanently redirect every plain-HTTP request to HTTPS.
    # $host comes from the request (request line or Host header) and only
    # falls back to server_name when the request carries none.
    # NOTE(review): if this block can act as the default server for its
    # listen socket, the redirect target follows a client-supplied Host.
    # Confirm against the listen directive in the snippet.
    return 301 https://$host$request_uri;
}

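server {
    # Shared settings for the HTTPS vhosts (snippet contents are not visible
    # from this template).
    include "snippets/proxy-common-ssl.conf";

    # Server name(s) this vhost answers for.
    server_name {{ item.from }};

    # Per-service log files, so requests can be attributed to one backend.
    access_log  /var/log/nginx/{{ item.name }}.access.log;
    error_log  /var/log/nginx/{{ item.name }}.error.log;

    # Let's Encrypt certificate, shared by every vhost rendered from this
    # template. ssl_trusted_certificate is the chain nginx uses to verify
    # OCSP responses when stapling is enabled.
    ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;

    location / {
        proxy_redirect off;

        # The upstream hop is plain HTTP.
        # NOTE(review): presumably {{ item.to }} sits on a trusted internal
        # network. Confirm.
        proxy_pass http://{{ item.to }};

        # nginx inherits proxy_set_header from the server level only when the
        # location defines none of its own, so any proxy_set_header in the
        # included snippet does not apply here.
        # NOTE(review): if the backend needs X-Forwarded-Proto, set it in
        # this location.

        # Fixed Host value from the template, not the client-supplied one.
        # NOTE(review): assumes item.from is a single host name. Confirm.
        proxy_set_header Host {{ item.from }};

        # Was "P-Real-IP", a misspelling: backends that read the conventional
        # X-Real-IP header never saw the client address.
        proxy_set_header X-Real-IP $remote_addr;

        # Overwrite any X-Forwarded-For sent by the client rather than
        # appending to it, so the backend sees only the address nginx saw.
        proxy_set_header X-Forwarded-For $remote_addr;

        # add_header follows the same inheritance rule: defining one here
        # drops every add_header set at the server level.
        # NOTE(review): if proxy-common-ssl.conf adds security headers (e.g.
        # HSTS) with add_header, they are not sent for this location. Confirm
        # and repeat them here if needed.

        # "A man is not dead while his name is still spoken." -- Going Postal
        add_header X-Clacks-Overhead "GNU Terry Pratchett";
    }
}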