{% for server_name in [reverse_proxy_site_fqdn] | flatten(levels=1) %}
server {
    listen {{ public_ip }}:80;

    server_name
        {{ server_name }}{% if reverse_proxy_www_redir %} www.{{ server_name }}{% endif %};

    # Redirect ACME Challenges to the upstream server port 80
    location /.well-known/acme-challenge/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://{{ hostvars | ip_from_inventory(ansible_hostname) }};
    }

    # Redirect to HTTPS all non-ACME requests
    location / {
        if ($request_method = POST) {
            return 307 https://$server_name$request_uri;
        }
        return 301 https://$server_name$request_uri;
    }
}
{% endfor %}