server
{
  server_name {{domain}};

  {% if oauth2_proxy_active | bool %}
  # Include OAuth2 Proxy
  # Raise the maximal header size.
  # Keycloak uses huge headers for authentification 
  proxy_buffer_size 16k;
  proxy_buffers 8 16k;
  proxy_busy_buffers_size 16k;
  large_client_header_buffers 4 16k;

  # OAuth2-Proxy-Endpoint
  location /oauth2/ {
      proxy_pass http://127.0.0.1:{{ports.localhost.oauth2_proxy[application_id]}};
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
  }
  {% endif %}

  {% include 'roles/nginx-global/templates/global.includes.conf.j2'%}
  
  {% if nginx_docker_reverse_proxy_extra_configuration is defined %}
    # Additional Domain Specific Configuration
    {{nginx_docker_reverse_proxy_extra_configuration}}
  {% endif %}

  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}

  {% include 'proxy_pass.conf.j2' %}

}