upstream backend {
    {% for server in upstream_servers %}
    server {{ server }} max_fails=1 fail_timeout=10s;
    {% endfor %}
}

server {
    listen 80;
    listen 443 ssl;
    server_name {{ proxy.proxy_domain }};

    ssl_certificate /etc/nginx/ssl/{{ ssl_cert_file }};
    ssl_certificate_key /etc/nginx/ssl/{{ ssl_key_file }};

    location / {
        proxy_pass http://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    }

    location /health {
        proxy_pass http://backend/health;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}