server {
  listen 80;
  listen [::]:80;

  listen 443 ssl;
  listen [::]:443 ssl;

  server_name {{ item.key + "." + mydomain if not item.value.internal else item.key + ".internal." + mydomain }};

  ssl_certificate /etc/letsencrypt/live/{{ item.key + "." + mydomain if not item.value.internal else item.key + ".internal." + mydomain }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ item.key + "." + mydomain if not item.value.internal else item.key + ".internal." + mydomain }}/privkey.pem;

  include /etc/nginx/conf.d/include/ssl-ciphers.conf;
  include /etc/nginx/conf.d/include/ssl-cache.conf;
  include /etc/nginx/conf.d/include/force-ssl.conf;

  access_log /var/log/nginx/{{ item.key }}_access.log;
  error_log /var/log/nginx/{{ item.key }}_error.log warn;

  location / {
    {% if item.value.upgraded %}
    include /etc/nginx/conf.d/include/upgrade.conf;
    {% endif %}

    {% if item.value.internal %}
    include /etc/nginx/conf.d/include/internal.conf;
    {% endif %}

    set $forward_scheme http;
    set $server "{{ item.value.server }}";
    set $port {{ item.value.port }};
    include /etc/nginx/conf.d/include/proxy.conf;
  }
}