upstream {{ upstream_name }} {
    hash $remote_addr consistent;
    zone {{ zone }} 64k;
    server {{ backend1 }}:{{ backend1_port }}; # Use your own IP address
    server {{ backend2 }}:{{ backend2_port }};
    keepalive 120;
}

server {
   listen 80;
   server_name {{ URL }};
   return 301 https://{{ URL }}$request_uri;
}

server {
   listen 443 ssl;
   server_name {{ URL }};
   ssl_certificate  /etc/ssl/client/{{ URL }}.cer; # Client Supplied Certificate
   ssl_certificate_key  /etc/ssl/client/{{ URL }}.key; # Client Supplied Certificate
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1.2 TLSv1.3;
   access_log /var/log/nginx/{{ URL }}.access.log main ;
   access_log syslog:server={{ SIEM_IP }}:514,tag=nginx,severity=info;
   error_log /var/log/nginx/{{ URL }}.error.log;
   error_log syslog:server={{ SIEM_IP }}:514,tag=nginx_error,severity=warn;
   status_zone {{ status_zone }};

### WAF Component ###
   include conf.d/00-waf_enable.conf;
### WAF Component ###

   location / {
        proxy_pass         http://{{ upstream_name }}/;
        proxy_set_header   Origin http{{ saml_yes }}://{{ URL }};
        proxy_hide_header  Access-Control-Allow-Origin;
        add_header         Access-Control-Allow-Origin $http_origin;
        proxy_set_header   Host {{ URL }}; # Required if Proxy Header is needed
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $remote_addr;

### Web Sockets (wss) ###
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
### Web Sockets (wss) ###
    }
}