upstream _<%= @upstream_name %> {
<% @upstream_hosts.each do |host| %>
  server   <%= host %>:<%= @upstream_port %>;
<% end %>
}

server {
  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
  listen [::]:443 ssl http2;

  server_name <%= @domain %>;

  add_header Strict-Transport-Security "max-age=15768000";

  access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log json;
  error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;

  location / {
    if ($request_method = 'OPTIONS') {
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
      add_header 'Access-Control-Max-Age' 1209600;
      add_header 'Content-Type' 'text/plain; charset=utf-8';
      add_header 'Content-Length' 0;
      return 204;
    }

    proxy_pass http://_<%= @upstream_name %>;

    proxy_redirect off;
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_connect_timeout 2;

    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
   }

  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
}