#RISOTTO: do not compare
%def %%add_location(%%rp_domainname, %%family, %%loc_idx, %%location, %%http)
    location %%location {
        proxy_pass              %%rp_domainname['revprox_url_' + %%family];
  %if %%rp_domainname['revprox_is_websocket_' + %%family][%%loc_idx]
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
  %else
        proxy_set_header        Host                    $http_host;
        proxy_set_header        X-Real-IP               $remote_addr;
        proxy_set_header        X-Forwarded-Host        $host;
        proxy_set_header        X-Forwarded-Port        $server_port;
        proxy_set_header        X-Forwarded-Server      $host;
        proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto       $scheme;
        proxy_set_header        Destination             $dest;
  %end if
  %if not %%http
        proxy_ssl_trusted_certificate %%tls_ca_directory/InternalReverseProxy.crt;
        proxy_ssl_verify       on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        # SNI support
        proxy_ssl_server_name on;
  %end if
  %set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
  %if %%maxbody
        client_max_body_size %%maxbody;
  %end if
        set                     $dest  $http_destination;
        index  error.html;
        root /var/www/html;
    }
# If user missing '/'
  %if %%location != '/' and %%location.endswith('/')
    location %%location[:-1] {
        rewrite ^(%%location[:-1])$ $1/ permanent;
    }
  %end if
%end def
%def %%add_locations(%%domainname, %%http)
  %for %%remote in %%nginx.remotes
    %set %%family = %%normalize_family(%%remote)
    %set %%revprox = %%nginx['reverse_proxy_for_' + %%family]['reverse_proxy_' + %%family]
    %for %%rp_domainname in %%revprox['revprox_domainnames_' + %%family]
      %if %%rp_domainname['revprox_http_' + %%family] != %%http
        %continue
      %end if
      %if %%str(%%rp_domainname) != 'None' and %%domainname != %%str(%%rp_domainname)
        %continue
      %end if
      %for %%loc_idx, %%location in %%enumerate(%%rp_domainname['revprox_location_' + %%family])
%%add_location(%%rp_domainname, %%family, %%loc_idx, %%location, %%http)
      %end for
    %end for
  %end for
%end def
# Add default HTTP entries if useful
# Not for HTTPs because there is no certificate
%set %%default_http_location = []
%for %%remote in %%nginx.remotes
  %set %%family = %%normalize_family(%%remote)
  %for %%rp_domainname in %%nginx['reverse_proxy_for_' + %%family]['reverse_proxy_' + %%family]['revprox_domainnames_' + %%family]
    %if %%str(%%rp_domainname) == 'None' and %%rp_domainname['revprox_http_' + %%family]
%%default_http_location.append((%%family, %%rp_domainname))
    %end if
  %end for
%end for
%if %%default_http_location
server {
    listen 80;
    server_name _ default;
  %for %%family, %%rp_domainname in %%default_http_location
    %for %%loc_idx, %%location in %%enumerate(%%rp_domainname['revprox_location_' + %%family])
%%add_location(%%rp_domainname, %%family, %%loc_idx, %%location, True)
    %end for
  %end for
    break;
}
%end if
%for %%domainname in %%nginx.revprox_domainnames
# Configuration HTTP %%domainname
server {
    listen 80;
    server_name %%domainname;
%%add_locations(%%domainname, True)%slurp
    location / {
        return 301 https://%%domainname$request_uri;
    }
}

# Configuration HTTPS %%domainname
server {
    listen 443 ssl http2;
    ssl_certificate    %%tls_cert_directory/%%{domainname}.crt;
    ssl_certificate_key     %%tls_key_directory/%%{domainname}.key;
    server_name %%domainname;
    error_page   403 404 502 503 504  /error.html;
    location = /error.html {
        root /var/www/html;
    }

%%add_locations(%%domainname, False)%slurp
}

%end for