{% for server in ingress_servers %}
server {
{% if loop.index == 1 %}
	listen {{ ingress_listen_args }} default_server;
{% else %}
	listen {{ ingress_listen_args }};
{% endif %}
	server_name {{ server.name }};

{% if ingress_directives is defined %}
{% for directive in ingress_directives %}
	{{ directive }};
{% endfor %}
{% endif %}

{% if ingress_listen_tls %}
	# TLS configuration
	ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
	ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_protocols {{ ingress_tls_protocols }};
	ssl_ciphers {{ ingress_tls_ciphers }};
	ssl_prefer_server_ciphers {{ ingress_tls_prefer_server_ciphers }};
{% endif %}

{% if server.directives is defined %}
	# Extra directives
{% for directive in server.directives %}
	{{ directive }};
{% endfor %}
{% endif %}

{% if server.locations is defined %}
	# Extra manually-defined locations
{% for location in server.locations %}
	location {{ location.location }} {
		{{ location.contents }}
	}
{% endfor %}
{% endif %}

{% if server.proxy_pass is defined %}
	# Singular proxy_pass
	location / {
		proxy_buffer_size 128k;
		proxy_buffers 4 256k;
		proxy_busy_buffers_size 256k;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass {{ server.proxy_pass }};
	}
{% elif server.proxies is defined %}
	# Proxy locations
{% for proxy in server.proxies %}
	location {{ proxy.location }} {
		proxy_buffer_size 128k;
		proxy_buffers 4 256k;
		proxy_busy_buffers_size 256k;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_pass {{ proxy.pass }};
	}
{% endfor %}
{% endif %}

	resolver {{ ingress_resolver }};
}
{% endfor %}