Add multiple servers for reverse proxy template (#194)

* Change custom options to better reflect multiple server support
2019-11-26 03:16:03 +03:30 · 2019-11-26 03:16:03 +03:30 · 1771878e9e
commit 1771878e9e
parent cb014cdab4
5 changed files with 824 additions and 808 deletions
--- a/README.md
+++ b/README.md
@ -201,6 +201,10 @@ nginx_start: true
 # Print NGINX configuration file to terminal after executing playbook.
 nginx_debug_output: false
 # Supported systems
 nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
 nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
 # Specify which type of NGINX you want to install.
 # Options are 'opensource' or 'plus'.
 # Default is 'opensource'.
@ -222,24 +226,23 @@ nginx_install_from: nginx_repository
 # Specify source repository for NGINX Open Source.
 # Only works if 'install_from' is set to 'nginx_repository'.
 # Defaults are the official NGINX repositories.
-nginx_repository:
+# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
-  alpine: >-
+
-      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+# Choose to install BSD packages or ports.
-      | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
+# Options are True for packages or False for ports.
-  debian:
+# Default is True.
-    - >-
+nginx_bsd_install_packages: true
-      deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+
-      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
+# Choose to update BSD ports collection.
-    - >-
+# Options are True for update or False for do not update.
-      deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+# Default is True.
-      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
+nginx_bsd_update_ports: true
-  redhat: >-
+
-      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+# Choose to install packages built from BSD ports collection if
-      | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
+# available.
-      | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
+# Options are True for use packages or False for do not use packages.
-  suse: >-
+# Default is True.
-      https://nginx.org/packages/{{ (nginx_branch == 'mainline')
+nginx_bsd_portinstall_use_packages: true
      | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
 # Specify which branch of NGINX Open Source you want to install.
 # Options are 'mainline' or 'stable'.
@ -379,87 +382,191 @@ nginx_http_template:
    template_file: http/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/
-    listen:
+    servers:
-      listen_localhost:
+      server1:
-        ip: localhost # Wrap in square brackets for IPv6 addresses
+        listen:
-        port: 8081
+          listen_localhost:
-        opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
+            ip: localhost # Wrap in square brackets for IPv6 addresses
-    server_name: localhost
+            port: 8081
-    include_files: []
+            opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
-    error_page: /usr/share/nginx/html
+        server_name: localhost
-    access_log:
+        include_files: []
-      - name: main
+        error_page: /usr/share/nginx/html
-        location: /var/log/nginx/access.log
+        access_log:
-    error_log:
+          - name: main
-      location: /var/log/nginx/error.log
+            location: /var/log/nginx/access.log
-      level: warn
+        error_log:
-    root: /usr/share/nginx/html
+          location: /var/log/nginx/error.log
-    https_redirect: false
+          level: warn
-    autoindex: false
+        root: /usr/share/nginx/html
-    auth_basic: null
+        https_redirect: false
-    auth_basic_user_file: null
+        autoindex: false
-    try_files: $uri $uri/index.html $uri.html =404
+        auth_basic: null
-    #auth_request: /auth
+        auth_basic_user_file: null
-    #auth_request_set:
+        try_files: $uri $uri/index.html $uri.html =404
-      #name: $auth_user
+        #auth_request: /auth
-      #value: $upstream_http_x_user
+        #auth_request_set:
-    client_max_body_size: 1m
+          #name: $auth_user
-    proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
+          #value: $upstream_http_x_user
-    add_headers:
+        client_max_body_size: 1m
-      strict_transport_security:
+        proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
-        name: Strict-Transport-Security
+        add_headers:
-        value: max-age=15768000; includeSubDomains
+          strict_transport_security:
-        always: true
+            name: Strict-Transport-Security
-      #header_name:
+            value: max-age=15768000; includeSubDomains
-        #name: Header-X
+            always: true
-        #value: Value-X
+          #header_name:
-        #always: false
+            #name: Header-X
-    ssl:
+            #value: Value-X
-      cert: /etc/ssl/certs/default.crt
+            #always: false
-      key: /etc/ssl/private/default.key
+        ssl:
-      dhparam: /etc/ssl/private/dh_param.pem
+          cert: /etc/ssl/certs/default.crt
-      protocols: TLSv1 TLSv1.1 TLSv1.2
+          key: /etc/ssl/private/default.key
-      ciphers: HIGH:!aNULL:!MD5
+          dhparam: /etc/ssl/private/dh_param.pem
-      prefer_server_ciphers: true
+          protocols: TLSv1 TLSv1.1 TLSv1.2
-      session_cache: none
+          ciphers: HIGH:!aNULL:!MD5
-      session_timeout: 5m
+          prefer_server_ciphers: true
-      disable_session_tickets: false
+          session_cache: none
-      trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
+          session_timeout: 5m
-      stapling: true
+          disable_session_tickets: false
-      stapling_verify: true
+          trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
-    web_server:
+          stapling: true
-      locations:
+          stapling_verify: true
-        default:
+        #custom_options: []
-          location: /
+        web_server:
-          include_files: []
+          locations:
-          proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
+            default:
-          add_headers:
+              location: /
-            strict_transport_security:
+              include_files: []
-              name: Strict-Transport-Security
+              proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
-              value: max-age=15768000; includeSubDomains
+              add_headers:
-              always: true
+                strict_transport_security:
-            #header_name:
+                  name: Strict-Transport-Security
-              #name: Header-X
+                  value: max-age=15768000; includeSubDomains
-              #value: Value-X
+                  always: true
-              #always: false
+                #header_name:
-          html_file_location: /usr/share/nginx/html
+                  #name: Header-X
-          html_file_name: index.html
+                  #value: Value-X
-          autoindex: false
+                  #always: false
-          auth_basic: null
+              html_file_location: /usr/share/nginx/html
-          auth_basic_user_file: null
+              html_file_name: index.html
-          try_files: $uri $uri/index.html $uri.html =404
+              autoindex: false
-          #auth_request: /auth
+              auth_basic: null
-          #auth_request_set:
+              auth_basic_user_file: null
-            #name: $auth_user
+              try_files: $uri $uri/index.html $uri.html =404
-            #value: $upstream_http_x_user
+              #auth_request: /auth
-          client_max_body_size: 1m
+              #auth_request_set:
-          #returns:
+                #name: $auth_user
-            #return302:
+                #value: $upstream_http_x_user
-              #code: 302
+              client_max_body_size: 1m
-              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
+              #returns:
-          #custom_options: []
+                #return302:
-      http_demo_conf: false
+                  #code: 302
-    reverse_proxy:
+                  #url: https://sso.somehost.local/?url=https://$http_host$request_uri
              #custom_options: []
          http_demo_conf: false
        reverse_proxy:
          locations:
            backend:
              location: /
              include_files: []
              proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
              add_headers:
                strict_transport_security:
                  name: Strict-Transport-Security
                  value: max-age=15768000; includeSubDomains
                  always: true
                #header_name:
                  #name: Header-X
                  #value: Value-X
                  #always: false
              proxy_connect_timeout: null
              proxy_pass: http://backend
              #rewrites:
              # - /foo(.*) /$1 break
              #proxy_pass_request_body: off
              #allows:
              # - 192.168.1.0/24
              #denies:
              # - all
              proxy_set_header:
                header_host:
                  name: Host
                  value: $host
                header_x_real_ip:
                  name: X-Real-IP
                  value: $remote_addr
                header_x_forwarded_for:
                  name: X-Forwarded-For
                  value: $proxy_add_x_forwarded_for
                header_x_forwarded_proto:
                  name: X-Forwarded-Proto
                  value: $scheme
                #header_upgrade:
                  #name: Upgrade
                  #value: $http_upgrade
                #header_connection:
                  #name: Connection
                  #value: "Upgrade"
                #header_random:
                  #name: RandomName
                  #value: RandomValue
              #internal: false
              #proxy_store: off
              #proxy_store_acccess: user:rw
              proxy_read_timeout: null
              proxy_send_timeout: null
              proxy_ssl:
                cert: /etc/ssl/certs/proxy_default.crt
                key: /etc/ssl/private/proxy_default.key
                trusted_cert: /etc/ssl/certs/proxy_ca.crt
                protocols: TLSv1 TLSv1.1 TLSv1.2
                ciphers: HIGH:!aNULL:!MD5
                verify: false
                verify_depth: 1
                session_reuse: true
              proxy_cache: backend_proxy_cache
              proxy_cache_valid:
                - code: 200
                  time: 10m
                - code: 301
                  time: 1m
              proxy_temp_path:
                path: /var/cache/nginx/proxy/backend/temp
              proxy_cache_lock: false
              proxy_cache_min_uses: 3
              proxy_cache_revalidate: false
              proxy_cache_use_stale:
                - http_403
                - http_404
              proxy_ignore_headers:
                - Vary
                - Cache-Control
              proxy_cookie_path:
                path: /web/
                replacement: /
              proxy_buffering: false
              proxy_http_version: 1.0
              websocket: false
              auth_basic: null
              auth_basic_user_file: null
              try_files: $uri $uri/index.html $uri.html =404
              #auth_request: /auth
              #auth_request_set:
                #name: $auth_user
                #value: $upstream_http_x_user
              #returns:
                #return302:
                  #code: 302
                  #url: https://sso.somehost.local/?url=https://$http_host$request_uri
              #custom_options: []
          health_check_plus: false
        returns:
          return301:
            location: /
            code: 301
            value: http://$host$request_uri
    proxy_cache:
      proxy_cache_path:
        - path: /var/cache/nginx/proxy/backend
          keys_zone:
@ -471,6 +578,11 @@ nginx_http_template:
          use_temp_path: true
      proxy_temp_path:
        path: /var/cache/nginx/proxy/temp
      proxy_cache_valid:
        - code: 200
          time: 10m
        - code: 301
          time: 1m
      proxy_cache_lock: true
      proxy_cache_min_uses: 5
      proxy_cache_revalidate: true
@ -479,108 +591,6 @@ nginx_http_template:
        - timeout
      proxy_ignore_headers:
        - Expires
      locations:
        backend:
          location: /
          include_files: []
          proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
          add_headers:
            strict_transport_security:
              name: Strict-Transport-Security
              value: max-age=15768000; includeSubDomains
              always: true
            #header_name:
              #name: Header-X
              #value: Value-X
              #always: false
          proxy_connect_timeout: null
          proxy_pass: http://backend
          #rewrites:
          # - /foo(.*) /$1 break
          #proxy_pass_request_body: off
          #allows:
          # - 192.168.1.0/24
          #denies:
          # - all
          proxy_set_header:
            header_host:
              name: Host
              value: $host
            header_x_real_ip:
              name: X-Real-IP
              value: $remote_addr
            header_x_forwarded_for:
              name: X-Forwarded-For
              value: $proxy_add_x_forwarded_for
            header_x_forwarded_proto:
              name: X-Forwarded-Proto
              value: $scheme
            #header_upgrade:
              #name: Upgrade
              #value: $http_upgrade
            #header_connection:
              #name: Connection
              #value: "Upgrade"
            #header_random:
              #name: RandomName
              #value: RandomValue
          #internal: false
          #proxy_store: off
          #proxy_store_acccess: user:rw
          proxy_read_timeout: null
          proxy_ssl:
            cert: /etc/ssl/certs/proxy_default.crt
            key: /etc/ssl/private/proxy_default.key
            trusted_cert: /etc/ssl/certs/proxy_ca.crt
            protocols: TLSv1 TLSv1.1 TLSv1.2
            ciphers: HIGH:!aNULL:!MD5
            verify: false
            verify_depth: 1
            session_reuse: true
          proxy_cache: frontend_proxy_cache
          proxy_cache_valid:
            - code: 200
              time: 10m
            - code: 301
              time: 1m
          proxy_temp_path:
            path: /var/cache/nginx/proxy/backend/temp
          proxy_cache_lock: false
          proxy_cache_min_uses: 3
          proxy_cache_revalidate: false
          proxy_cache_use_stale:
            - http_403
            - http_404
          proxy_ignore_headers:
            - Vary
            - Cache-Control
          proxy_cookie_path:
            path: /web/
            replacement: /
          proxy_buffering: false
          proxy_http_version: 1.0
          websocket: false
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          #auth_request: /auth
          #auth_request_set:
            #name: $auth_user
            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
          #custom_options: []
      health_check_plus: false
    proxy_cache:
      proxy_cache_path:
        path: /var/cache/nginx
        keys_zone:
          name: one
          size: 10m
      proxy_temp_path:
        path: /var/cache/nginx/proxy
    upstreams:
      upstream1:
        name: backend
@ -595,13 +605,7 @@ nginx_http_template:
            weight: 1
            health_check: max_fails=1 fail_timeout=10s
        #custom_options: []
-    returns:
+      #custom_options: []
      return301:
        location: /
        code: 301
        value: http://$host$request_uri
    #http_custom_options: []
    #server_custom_options: []
 # Enable NGINX status data.
 # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
@ -740,23 +744,25 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
        template_file: http/default.conf.j2
        conf_file_name: default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:  
-            #ip: 0.0.0.0
+            listen:
-            port: 80
+              listen_localhost:
-            opts:
+                #ip: 0.0.0.0
-              - default_server
+                port: 80
-        server_name: localhost
+                opts:
-        error_page: /usr/share/nginx/html
+                  - default_server
-        autoindex: false
+            server_name: localhost
-        reverse_proxy:
+            error_page: /usr/share/nginx/html
-          locations:
+            autoindex: false
-            frontend:
+            reverse_proxy:
-              location: /
+              locations:
-              proxy_pass: http://frontend_servers
+                frontend:
-            backend:
+                  location: /
-              location: /backend
+                  proxy_pass: http://frontend_servers
-              proxy_pass: http://backend_servers
+                backend:
                  location: /backend
                  proxy_pass: http://backend_servers
        upstreams:
          upstream_1:
            name: frontend_servers
@ -786,44 +792,48 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
        template_file: http/default.conf.j2
        conf_file_name: frontend_default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:
-            ip: 0.0.0.0
+            listen:
-            port: 8081
+              listen_localhost:
-            opts: []
+                ip: 0.0.0.0
-        server_name: localhost
+                port: 8081
-        error_page: /usr/share/nginx/html
+                opts: []
-        autoindex: false
+            server_name: localhost
-        web_server:
+            error_page: /usr/share/nginx/html
-          locations:
+            autoindex: false
-            frontend_site:
+            web_server:
-              location: /
+              locations:
-              proxy_hide_headers:
+                frontend_site:
-                - X-Powered-By
+                  location: /
-              html_file_location: /usr/share/nginx/html
+                  proxy_hide_headers:
-              html_file_name: index.html
+                    - X-Powered-By
-              autoindex: false
+                  html_file_location: /usr/share/nginx/html
-          http_demo_conf: false
+                  html_file_name: index.html
                  autoindex: false
              http_demo_conf: false
      backend:
        template_file: http/default.conf.j2
        conf_file_name: backend_default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:
-            ip: 0.0.0.0
+            listen:
-            port: 8082
+              listen_localhost:
-            opts: []
+                ip: 0.0.0.0
-        server_name: localhost
+                port: 8082
-        error_page: /usr/share/nginx/html
+                opts: []
-        autoindex: false
+            server_name: localhost
-        web_server:
+            error_page: /usr/share/nginx/html
-          locations:
+            autoindex: false
-            backend_site:
+            web_server:
-              location: /
+              locations:
-              html_file_location: /usr/share/nginx/html
+                backend_site:
-              html_file_name: index.html
+                  location: /
-              autoindex: false
+                  html_file_location: /usr/share/nginx/html
-          http_demo_conf: false
+                  html_file_name: index.html
                  autoindex: false
              http_demo_conf: false
 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -191,87 +191,191 @@ nginx_http_template:
    template_file: http/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/
-    listen:
+    servers:
-      listen_localhost:
+      server1:
-        ip: localhost # Wrap in square brackets for IPv6 addresses
+        listen:
-        port: 8081
+          listen_localhost:
-        opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
+            ip: localhost # Wrap in square brackets for IPv6 addresses
-    server_name: localhost
+            port: 8081
-    include_files: []
+            opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
-    error_page: /usr/share/nginx/html
+        server_name: localhost
-    access_log:
+        include_files: []
-      - name: main
+        error_page: /usr/share/nginx/html
-        location: /var/log/nginx/access.log
+        access_log:
-    error_log:
+          - name: main
-      location: /var/log/nginx/error.log
+            location: /var/log/nginx/access.log
-      level: warn
+        error_log:
-    root: /usr/share/nginx/html
+          location: /var/log/nginx/error.log
-    https_redirect: false
+          level: warn
-    autoindex: false
+        root: /usr/share/nginx/html
-    auth_basic: null
+        https_redirect: false
-    auth_basic_user_file: null
+        autoindex: false
-    try_files: $uri $uri/index.html $uri.html =404
+        auth_basic: null
-    #auth_request: /auth
+        auth_basic_user_file: null
-    #auth_request_set:
+        try_files: $uri $uri/index.html $uri.html =404
-      #name: $auth_user
+        #auth_request: /auth
-      #value: $upstream_http_x_user
+        #auth_request_set:
-    client_max_body_size: 1m
+          #name: $auth_user
-    proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
+          #value: $upstream_http_x_user
-    add_headers:
+        client_max_body_size: 1m
-      strict_transport_security:
+        proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
-        name: Strict-Transport-Security
+        add_headers:
-        value: max-age=15768000; includeSubDomains
+          strict_transport_security:
-        always: true
+            name: Strict-Transport-Security
-      #header_name:
+            value: max-age=15768000; includeSubDomains
-        #name: Header-X
+            always: true
-        #value: Value-X
+          #header_name:
-        #always: false
+            #name: Header-X
-    ssl:
+            #value: Value-X
-      cert: /etc/ssl/certs/default.crt
+            #always: false
-      key: /etc/ssl/private/default.key
+        ssl:
-      dhparam: /etc/ssl/private/dh_param.pem
+          cert: /etc/ssl/certs/default.crt
-      protocols: TLSv1 TLSv1.1 TLSv1.2
+          key: /etc/ssl/private/default.key
-      ciphers: HIGH:!aNULL:!MD5
+          dhparam: /etc/ssl/private/dh_param.pem
-      prefer_server_ciphers: true
+          protocols: TLSv1 TLSv1.1 TLSv1.2
-      session_cache: none
+          ciphers: HIGH:!aNULL:!MD5
-      session_timeout: 5m
+          prefer_server_ciphers: true
-      disable_session_tickets: false
+          session_cache: none
-      trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
+          session_timeout: 5m
-      stapling: true
+          disable_session_tickets: false
-      stapling_verify: true
+          trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
-    web_server:
+          stapling: true
-      locations:
+          stapling_verify: true
-        default:
+        #custom_options: []
-          location: /
+        web_server:
-          include_files: []
+          locations:
-          proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
+            default:
-          add_headers:
+              location: /
-            strict_transport_security:
+              include_files: []
-              name: Strict-Transport-Security
+              proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
-              value: max-age=15768000; includeSubDomains
+              add_headers:
-              always: true
+                strict_transport_security:
-            #header_name:
+                  name: Strict-Transport-Security
-              #name: Header-X
+                  value: max-age=15768000; includeSubDomains
-              #value: Value-X
+                  always: true
-              #always: false
+                #header_name:
-          html_file_location: /usr/share/nginx/html
+                  #name: Header-X
-          html_file_name: index.html
+                  #value: Value-X
-          autoindex: false
+                  #always: false
-          auth_basic: null
+              html_file_location: /usr/share/nginx/html
-          auth_basic_user_file: null
+              html_file_name: index.html
-          try_files: $uri $uri/index.html $uri.html =404
+              autoindex: false
-          #auth_request: /auth
+              auth_basic: null
-          #auth_request_set:
+              auth_basic_user_file: null
-            #name: $auth_user
+              try_files: $uri $uri/index.html $uri.html =404
-            #value: $upstream_http_x_user
+              #auth_request: /auth
-          client_max_body_size: 1m
+              #auth_request_set:
-          #returns:
+                #name: $auth_user
-            #return302:
+                #value: $upstream_http_x_user
-              #code: 302
+              client_max_body_size: 1m
-              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
+              #returns:
-          #custom_options: []
+                #return302:
-      http_demo_conf: false
+                  #code: 302
-    reverse_proxy:
+                  #url: https://sso.somehost.local/?url=https://$http_host$request_uri
              #custom_options: []
          http_demo_conf: false
        reverse_proxy:
          locations:
            backend:
              location: /
              include_files: []
              proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
              add_headers:
                strict_transport_security:
                  name: Strict-Transport-Security
                  value: max-age=15768000; includeSubDomains
                  always: true
                #header_name:
                  #name: Header-X
                  #value: Value-X
                  #always: false
              proxy_connect_timeout: null
              proxy_pass: http://backend
              #rewrites:
              # - /foo(.*) /$1 break
              #proxy_pass_request_body: off
              #allows:
              # - 192.168.1.0/24
              #denies:
              # - all
              proxy_set_header:
                header_host:
                  name: Host
                  value: $host
                header_x_real_ip:
                  name: X-Real-IP
                  value: $remote_addr
                header_x_forwarded_for:
                  name: X-Forwarded-For
                  value: $proxy_add_x_forwarded_for
                header_x_forwarded_proto:
                  name: X-Forwarded-Proto
                  value: $scheme
                #header_upgrade:
                  #name: Upgrade
                  #value: $http_upgrade
                #header_connection:
                  #name: Connection
                  #value: "Upgrade"
                #header_random:
                  #name: RandomName
                  #value: RandomValue
              #internal: false
              #proxy_store: off
              #proxy_store_acccess: user:rw
              proxy_read_timeout: null
              proxy_send_timeout: null
              proxy_ssl:
                cert: /etc/ssl/certs/proxy_default.crt
                key: /etc/ssl/private/proxy_default.key
                trusted_cert: /etc/ssl/certs/proxy_ca.crt
                protocols: TLSv1 TLSv1.1 TLSv1.2
                ciphers: HIGH:!aNULL:!MD5
                verify: false
                verify_depth: 1
                session_reuse: true
              proxy_cache: backend_proxy_cache
              proxy_cache_valid:
                - code: 200
                  time: 10m
                - code: 301
                  time: 1m
              proxy_temp_path:
                path: /var/cache/nginx/proxy/backend/temp
              proxy_cache_lock: false
              proxy_cache_min_uses: 3
              proxy_cache_revalidate: false
              proxy_cache_use_stale:
                - http_403
                - http_404
              proxy_ignore_headers:
                - Vary
                - Cache-Control
              proxy_cookie_path:
                path: /web/
                replacement: /
              proxy_buffering: false
              proxy_http_version: 1.0
              websocket: false
              auth_basic: null
              auth_basic_user_file: null
              try_files: $uri $uri/index.html $uri.html =404
              #auth_request: /auth
              #auth_request_set:
                #name: $auth_user
                #value: $upstream_http_x_user
              #returns:
                #return302:
                  #code: 302
                  #url: https://sso.somehost.local/?url=https://$http_host$request_uri
              #custom_options: []
          health_check_plus: false
        returns:
          return301:
            location: /
            code: 301
            value: http://$host$request_uri
    proxy_cache:
      proxy_cache_path:
        - path: /var/cache/nginx/proxy/backend
          keys_zone:
@ -296,109 +400,6 @@ nginx_http_template:
        - timeout
      proxy_ignore_headers:
        - Expires
      locations:
        backend:
          location: /
          include_files: []
          proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
          add_headers:
            strict_transport_security:
              name: Strict-Transport-Security
              value: max-age=15768000; includeSubDomains
              always: true
            #header_name:
              #name: Header-X
              #value: Value-X
              #always: false
          proxy_connect_timeout: null
          proxy_pass: http://backend
          #rewrites:
          # - /foo(.*) /$1 break
          #proxy_pass_request_body: off
          #allows:
          # - 192.168.1.0/24
          #denies:
          # - all
          proxy_set_header:
            header_host:
              name: Host
              value: $host
            header_x_real_ip:
              name: X-Real-IP
              value: $remote_addr
            header_x_forwarded_for:
              name: X-Forwarded-For
              value: $proxy_add_x_forwarded_for
            header_x_forwarded_proto:
              name: X-Forwarded-Proto
              value: $scheme
            #header_upgrade:
              #name: Upgrade
              #value: $http_upgrade
            #header_connection:
              #name: Connection
              #value: "Upgrade"
            #header_random:
              #name: RandomName
              #value: RandomValue
          #internal: false
          #proxy_store: off
          #proxy_store_acccess: user:rw
          proxy_read_timeout: null
          proxy_send_timeout: null
          proxy_ssl:
            cert: /etc/ssl/certs/proxy_default.crt
            key: /etc/ssl/private/proxy_default.key
            trusted_cert: /etc/ssl/certs/proxy_ca.crt
            protocols: TLSv1 TLSv1.1 TLSv1.2
            ciphers: HIGH:!aNULL:!MD5
            verify: false
            verify_depth: 1
            session_reuse: true
          proxy_cache: backend_proxy_cache
          proxy_cache_valid:
            - code: 200
              time: 10m
            - code: 301
              time: 1m
          proxy_temp_path:
            path: /var/cache/nginx/proxy/backend/temp
          proxy_cache_lock: false
          proxy_cache_min_uses: 3
          proxy_cache_revalidate: false
          proxy_cache_use_stale:
            - http_403
            - http_404
          proxy_ignore_headers:
            - Vary
            - Cache-Control
          proxy_cookie_path:
            path: /web/
            replacement: /
          proxy_buffering: false
          proxy_http_version: 1.0
          websocket: false
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          #auth_request: /auth
          #auth_request_set:
            #name: $auth_user
            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
          #custom_options: []
      health_check_plus: false
    proxy_cache:
      proxy_cache_path:
        path: /var/cache/nginx
        keys_zone:
          name: one
          size: 10m
      proxy_temp_path:
        path: /var/cache/nginx/proxy
    upstreams:
      upstream1:
        name: backend
@ -413,13 +414,7 @@ nginx_http_template:
            weight: 1
            health_check: max_fails=1 fail_timeout=10s
        #custom_options: []
-    returns:
+      #custom_options: []
      return301:
        location: /
        code: 301
        value: http://$host$request_uri
    #http_custom_options: []
    #server_custom_options: []
 # Enable NGINX status data.
 # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
--- a/molecule/template/playbook.yml
+++ b/molecule/template/playbook.yml
@ -42,23 +42,111 @@
        template_file: http/default.conf.j2
        conf_file_name: default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:
-            ip: 0.0.0.0
+            listen:
-            port: 80
+              listen_localhost:
-            opts:
+                ip: 0.0.0.0
-              - default_server
+                port: 80
-        server_name: localhost
+                opts:
-        error_page: /usr/share/nginx/html
+                  - default_server
-        client_max_body_size: 512k
+            server_name: localhost
-        proxy_hide_headers:
+            error_page: /usr/share/nginx/html
-          - X-Powered-By
+            client_max_body_size: 512k
-        add_headers:
+            proxy_hide_headers:
-          strict_transport_security:
+              - X-Powered-By
-            name: Strict-Transport-Security
+            add_headers:
-            value: max-age=15768000; includeSubDomains
+              strict_transport_security:
-            always: true
+                name: Strict-Transport-Security
-        reverse_proxy:
+                value: max-age=15768000; includeSubDomains
                always: true
            reverse_proxy:
              locations:
                frontend:
                  location: /
                  proxy_hide_headers:
                    - X-Powered-By
                  add_headers:
                    strict_transport_security:
                      name: Strict-Transport-Security
                      value: max-age=15768000; includeSubDomains
                      always: true
                    another_header:
                      name: Fancy-New-Header-To-Test
                      value: testing=true
                      always: false
                  proxy_pass: http://frontend_servers/
                  proxy_cache: frontend_proxy_cache
                  proxy_cache_valid:
                    - code: 200
                      time: 10m
                    - code: 301
                      time: 1m
                  proxy_temp_path:
                    path: /var/cache/nginx/proxy/frontend/temp
                  proxy_cache_lock: false
                  proxy_cache_min_uses: 3
                  proxy_cache_revalidate: false
                  proxy_cache_use_stale:
                    - http_403
                    - http_404
                  proxy_ignore_headers:
                    - Vary
                    - Cache-Control
                  proxy_redirect: false
                  proxy_set_header:
                    header_host:
                      name: Host
                      value: $host
                    header_x_real_ip:
                      name: X-Real-IP
                      value: $remote_addr
                    header_x_forwarded_for:
                      name: X-Forwarded-For
                      value: $proxy_add_x_forwarded_for
                    header_x_forwarded_proto:
                      name: X-Forwarded-Proto
                      value: $scheme
                  proxy_buffering: false
                  client_max_body_size: 5m
                backend:
                  location: /backend
                  proxy_pass: http://backend_servers/
                  proxy_cache: backend_proxy_cache
                  proxy_cache_valid:
                    - time: 10m
                  proxy_temp_path:
                    path: /var/cache/nginx/proxy/backend/temp
                  proxy_cache_lock: true
                  proxy_cache_min_uses: 2
                  proxy_cache_revalidate: true
                  proxy_cache_use_stale:
                    - http_500
                    - http_502
                    - http_503
                  proxy_redirect: default
                  proxy_set_header:
                    header_host:
                      name: Host
                      value: $host
                    header_x_real_ip:
                      name: X-Real-IP
                      value: $remote_addr
                    header_x_forwarded_for:
                      name: X-Forwarded-For
                      value: $proxy_add_x_forwarded_for
                    header_x_forwarded_proto:
                      name: X-Forwarded-Proto
                      value: $scheme
                  proxy_cookie_path:
                    path: /web/
                    replacement: /
            returns:
              return301:
                location: ^~ /old-path
                code: 301
                value: http://$host/new-path
        proxy_cache:
          proxy_cache_path:
            - path: /var/cache/nginx/proxy/frontend
              keys_zone:
@ -86,86 +174,6 @@
            - timeout
          proxy_ignore_headers:
            - Expires
          locations:
            frontend:
              location: /
              proxy_hide_headers:
                - X-Powered-By
              add_headers:
                strict_transport_security:
                  name: Strict-Transport-Security
                  value: max-age=15768000; includeSubDomains
                  always: true
                another_header:
                  name: Fancy-New-Header-To-Test
                  value: testing=true
                  always: false
              proxy_pass: http://frontend_servers/
              proxy_cache: frontend_proxy_cache
              proxy_cache_valid:
                - code: 200
                  time: 10m
                - code: 301
                  time: 1m
              proxy_temp_path:
                path: /var/cache/nginx/proxy/frontend/temp
              proxy_cache_lock: false
              proxy_cache_min_uses: 3
              proxy_cache_revalidate: false
              proxy_cache_use_stale:
                - http_403
                - http_404
              proxy_ignore_headers:
                - Vary
                - Cache-Control
              proxy_redirect: false
              proxy_set_header:
                header_host:
                  name: Host
                  value: $host
                header_x_real_ip:
                  name: X-Real-IP
                  value: $remote_addr
                header_x_forwarded_for:
                  name: X-Forwarded-For
                  value: $proxy_add_x_forwarded_for
                header_x_forwarded_proto:
                  name: X-Forwarded-Proto
                  value: $scheme
              proxy_buffering: false
              client_max_body_size: 5m
            backend:
              location: /backend
              proxy_pass: http://backend_servers/
              proxy_cache: backend_proxy_cache
              proxy_cache_valid:
                - time: 10m
              proxy_temp_path:
                path: /var/cache/nginx/proxy/backend/temp
              proxy_cache_lock: true
              proxy_cache_min_uses: 2
              proxy_cache_revalidate: true
              proxy_cache_use_stale:
                - http_500
                - http_502
                - http_503
              proxy_redirect: default
              proxy_set_header:
                header_host:
                  name: Host
                  value: $host
                header_x_real_ip:
                  name: X-Real-IP
                  value: $remote_addr
                header_x_forwarded_for:
                  name: X-Forwarded-For
                  value: $proxy_add_x_forwarded_for
                header_x_forwarded_proto:
                  name: X-Forwarded-Proto
                  value: $scheme
              proxy_cookie_path:
                path: /web/
                replacement: /
        upstreams:
          frontend_upstream:
            name: frontend_servers
@ -191,61 +199,60 @@
                port: 8082
                weight: 1
                health_check: max_fails=3 fail_timeout=5s
        returns:
          return301:
            location: ^~ /old-path
            code: 301
            value: http://$host/new-path
      frontend:
        template_file: http/default.conf.j2
        conf_file_name: frontend_default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:
-            port: 8081
+            listen:
-            opts: []
+              listen_localhost:
-        server_name: localhost
+                port: 8081
-        error_page: /usr/share/nginx/html
+                opts: []
-        autoindex: false
+            server_name: localhost
-        web_server:
+            error_page: /usr/share/nginx/html
-          locations:
+            autoindex: false
-            frontend_site:
+            web_server:
-              location: /
+              locations:
-              proxy_hide_headers:
+                frontend_site:
-                - X-Powered-By
+                  location: /
-              html_file_location: /usr/share/nginx/html
+                  proxy_hide_headers:
-              html_file_name: frontend_index.html
+                    - X-Powered-By
-              autoindex: false
+                  html_file_location: /usr/share/nginx/html
-          http_demo_conf: true
+                  html_file_name: frontend_index.html
                  autoindex: false
              http_demo_conf: true
      backend:
        template_file: http/default.conf.j2
        conf_file_name: backend_default.conf
        conf_file_location: /etc/nginx/conf.d/
-        listen:
+        servers:
-          listen_localhost:
+          server1:
-            port: 8082
+            listen:
-            opts: []
+              listen_localhost:
-        server_name: localhost
+                port: 8082
-        error_page: /usr/share/nginx/html
+                opts: []
-        autoindex: false
+            server_name: localhost
-        web_server:
+            error_page: /usr/share/nginx/html
-          locations:
+            autoindex: false
-            backend_site:
+            web_server:
-              location: /
+              locations:
-              html_file_location: /usr/share/nginx/html
+                backend_site:
-              html_file_name: backend_index.html
+                  location: /
-              autoindex: false
+                  html_file_location: /usr/share/nginx/html
-            php:
+                  html_file_name: backend_index.html
-              location: ~ \.php$
+                  autoindex: false
-              html_file_location: /usr/share/nginx/html
+                php:
-              autoindex: false
+                  location: ~ \.php$
-              custom_options:
+                  html_file_location: /usr/share/nginx/html
-                - fastcgi_split_path_info ^(.+\.php)(/.+)$
+                  autoindex: false
-                - fastcgi_pass unix:/run/php/php7.2-fpm.sock
+                  custom_options:
-                - fastcgi_index index.php
+                    - fastcgi_split_path_info ^(.+\.php)(/.+)$
-                - include fastcgi_params
+                    - fastcgi_pass unix:/run/php/php7.2-fpm.sock
-                - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
+                    - fastcgi_index index.php
-          http_demo_conf: true
+                    - include fastcgi_params
                    - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
              http_demo_conf: true
    nginx_html_demo_template_enable: true
    nginx_html_demo_template:
      frontend:
--- a/tasks/conf/template-config.yml
+++ b/tasks/conf/template-config.yml
@ -42,7 +42,7 @@
    owner: "{{ nginx_main_template.user | default('nginx') }}"
  with_subelements:
    - "{{ nginx_http_template }}"
-    - reverse_proxy.proxy_cache_path
+    - proxy_cache.proxy_cache_path
    - skip_missing: true
  when: nginx_http_template_enable | bool
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -22,36 +22,36 @@ upstream {{ item.value.upstreams[upstream].name }} {
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
+{% if item.value.proxy_cache is defined and item.value.proxy_cache %}
-{% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %}
+{% if item.value.proxy_cache.proxy_cache_path is defined and item.value.proxy_cache.proxy_cache_path %}
-{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
+{% for proxy_cache_path in item.value.proxy_cache.proxy_cache_path %}
 proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
                levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
                inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
 {% endfor %}
-{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%}
+{% if item.value.proxy_cache.proxy_cache_background_update is defined and item.value.proxy_cache.proxy_cache_background_update%}
-proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
+proxy_cache_background_update {{ item.value.proxy_cache.proxy_cache_background_update | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %}
+{% if item.value.proxy_cache.proxy_cache_lock is defined and item.value.proxy_cache.proxy_cache_lock %}
-proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
+proxy_cache_lock {{ item.value.proxy_cache.proxy_cache_lock | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %}
+{% if item.value.proxy_cache.proxy_cache_min_uses is defined and item.value.proxy_cache.proxy_cache_min_uses %}
-proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
+proxy_cache_min_uses {{ item.value.proxy_cache.proxy_cache_min_uses }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %}
+{% if item.value.proxy_cache.proxy_cache_revalidate is defined and item.value.proxy_cache.proxy_cache_revalidate %}
-proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
+proxy_cache_revalidate {{ item.value.proxy_cache.proxy_cache_revalidate | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %}
+{% if item.value.proxy_cache.proxy_cache_use_stale is defined and item.value.proxy_cache.proxy_cache_use_stale %}
-proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
+proxy_cache_use_stale {{ item.value.proxy_cache.proxy_cache_use_stale | join(" ") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %}
+{% if item.value.proxy_cache.proxy_ignore_headers is defined and item.value.proxy_cache.proxy_ignore_headers %}
-proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
+proxy_ignore_headers {{ item.value.proxy_cache.proxy_ignore_headers | join(" ") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %}
+{% if item.value.proxy_cache.proxy_temp_path is defined and item.value.proxy_cache.proxy_temp_path.path %}
-proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
+proxy_temp_path {{ item.value.proxy_cache.proxy_temp_path.path }} {{ item.value.proxy_cache.proxy_temp_path.level_1 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_2 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_3 | default("") }};
 {% endif %}
-{% if item.value.reverse_proxy.proxy_cache_valid is defined %}
+{% if item.value.proxy_cache.proxy_cache_valid is defined %}
-{% for proxy_cache_valid in item.value.reverse_proxy.proxy_cache_valid %}
+{% for proxy_cache_valid in item.value.proxy_cache.proxy_cache_valid %}
 {% if proxy_cache_valid.code is defined %}
 proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
 {% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
@ -68,231 +68,233 @@ auth_request {{ item.value.auth_request_http }};
 auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
 {% endif %}
-{% if item.value.http_custom_options is defined and item.value.http_custom_options | length %}
+{% if item.value.custom_options is defined and item.value.custom_options | length %}
-{% for inline_option in item.value.http_custom_options %}
+{% for inline_option in item.value.custom_options %}
 {{ inline_option }};
 {% endfor %}
 {% endif %}
 {% if item.value.servers is defined %}
 {% for server in item.value.servers %}
 server {
-{% for listen in item.value.listen %}
+{% for listen in item.value.servers[server].listen %}
-    listen {% if item.value.listen[listen].ip is defined and item.value.listen[listen].ip | length %}{{ item.value.listen[listen].ip }}:{% endif %}{{ item.value.listen[listen].port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %}{% if item.value.listen[listen].opts is defined and item.value.listen[listen].opts | length %} {{ item.value.listen[listen].opts | join(" ") }}{% endif %};
+    listen {% if item.value.servers[server].listen[listen].ip is defined and item.value.servers[server].listen[listen].ip | length %}{{ item.value.servers[server].listen[listen].ip }}:{% endif %}{{ item.value.servers[server].listen[listen].port }}{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %} ssl{% endif %}{% if item.value.servers[server].listen[listen].opts is defined and item.value.servers[server].listen[listen].opts | length %} {{ item.value.servers[server].listen[listen].opts | join(" ") }}{% endif %};
 {% endfor %}
-    server_name {{ item.value.server_name | default('localhost') }};
+    server_name {{ item.value.servers[server].server_name | default('localhost') }};
-{% if item.value.ssl is defined and item.value.ssl %}
+{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %}
-    ssl_certificate {{ item.value.ssl.cert }};
+    ssl_certificate {{ item.value.servers[server].ssl.cert }};
-    ssl_certificate_key {{ item.value.ssl.key }};
+    ssl_certificate_key {{ item.value.servers[server].ssl.key }};
-{% if item.value.ssl.trusted_cert is defined %}
+{% if item.value.servers[server].ssl.trusted_cert is defined %}
-    ssl_trusted_certificate {{ item.value.ssl.trusted_cert }};
+    ssl_trusted_certificate {{ item.value.servers[server].ssl.trusted_cert }};
 {% endif %}
-{% if item.value.ssl.dhparam is defined %}
+{% if item.value.servers[server].ssl.dhparam is defined %}
-    ssl_dhparam {{ item.value.ssl.dhparam }};
+    ssl_dhparam {{ item.value.servers[server].ssl.dhparam }};
 {% endif %}
-{% if item.value.ssl.protocols is defined and item.value.ssl.protocols %}
+{% if item.value.servers[server].ssl.protocols is defined and item.value.servers[server].ssl.protocols %}
-    ssl_protocols {{ item.value.ssl.protocols }};
+    ssl_protocols {{ item.value.servers[server].ssl.protocols }};
 {% endif %}
-{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
+{% if item.value.servers[server].ssl.ciphers is defined and item.value.servers[server].ssl.ciphers %}
-    ssl_ciphers {{ item.value.ssl.ciphers }};
+    ssl_ciphers {{ item.value.servers[server].ssl.ciphers }};
 {% endif %}
-{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
+{% if item.value.servers[server].ssl.prefer_server_ciphers is defined and item.value.servers[server].ssl.prefer_server_ciphers %}
    ssl_prefer_server_ciphers on;
 {% endif %}
-{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
+{% if item.value.servers[server].ssl.session_cache is defined and item.value.servers[server].ssl.session_cache %}
-    ssl_session_cache {{ item.value.ssl.session_cache }};
+    ssl_session_cache {{ item.value.servers[server].ssl.session_cache }};
 {% endif %}
-{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
+{% if item.value.servers[server].ssl.session_timeout is defined and item.value.servers[server].ssl.session_timeout %}
-    ssl_session_timeout {{ item.value.ssl.session_timeout }};
+    ssl_session_timeout {{ item.value.servers[server].ssl.session_timeout }};
 {% endif %}
-{% if item.value.ssl.disable_session_tickets is defined and item.value.ssl.disable_session_tickets %}
+{% if item.value.servers[server].ssl.disable_session_tickets is defined and item.value.servers[server].ssl.disable_session_tickets %}
    ssl_session_tickets off;
 {% endif %}
-{% if item.value.ssl.stapling is defined and item.value.ssl.stapling %}
+{% if item.value.servers[server].ssl.stapling is defined and item.value.servers[server].ssl.stapling %}
    ssl_stapling on;
 {% endif %}
-{% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %}
+{% if item.value.servers[server].ssl.stapling_verify is defined and item.value.servers[server].ssl.stapling_verify %}
    ssl_stapling_verify on;
 {% endif %}
 {% endif %}
-{% if item.value.include_files is defined and item.value.include_files | length %}
+{% if item.value.servers[server].include_files is defined and item.value.servers[server].include_files | length %}
-{% for file in item.value.include_files %}
+{% for file in item.value.servers[server].include_files %}
    include "{{ file }}";
 {% endfor %}
 {% endif %}
-{% if item.value.proxy_hide_headers is defined %}
+{% if item.value.servers[server].proxy_hide_headers is defined %}
-{% for header in item.value.proxy_hide_headers %}
+{% for header in item.value.servers[server].proxy_hide_headers %}
    proxy_hide_header {{ header }};
 {% endfor %}
 {% endif %}
-{% if item.value.add_headers is defined %}
+{% if item.value.servers[server].add_headers is defined %}
-{% for header in item.value.add_headers %}
+{% for header in item.value.servers[server].add_headers %}
-    add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
+    add_header {{ item.value.servers[server].add_headers[header].name }} "{{ item.value.servers[server].add_headers[header].value }}"{% if item.value.servers[server].add_headers[header].always is defined and item.value.servers[server].add_headers[header].always %} always{% endif %};
 {% endfor %}
 {% endif %}
-{% if item.value.auth_basic is defined and item.value.auth_basic %}
+{% if item.value.servers[server].auth_basic is defined and item.value.servers[server].auth_basic %}
-    auth_basic "{{ item.value.auth_basic }}";
+    auth_basic "{{ item.value.servers[server].auth_basic }}";
 {% endif %}
-{% if item.value.auth_basic_user_file is defined and item.value.auth_basic_user_file %}
+{% if item.value.servers[server].auth_basic_user_file is defined and item.value.servers[server].auth_basic_user_file %}
-    auth_basic_user_file {{ item.value.auth_basic_user_file }};
+    auth_basic_user_file {{ item.value.servers[server].auth_basic_user_file }};
 {% endif %}
-{% if item.value.root is defined and item.value.root %}
+{% if item.value.servers[server].root is defined and item.value.servers[server].root %}
-    root {{ item.value.root }};
+    root {{ item.value.servers[server].root }};
 {% endif %}
-{% if item.value.https_redirect is defined and item.value.https_redirect %}
+{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %}
-    return 301 https://{% if item.value.server_name == "_" %}$host{% else %}{{ item.value.server_name }}{% endif %}$request_uri;
+    return 301 https://{% if item.value.servers[server].server_name == "_" %}$host{% else %}{{ item.value.servers[server].server_name }}{% endif %}$request_uri;
 {% endif %}
-{% if item.value.autoindex is defined and item.value.autoindex %}
+{% if item.value.servers[server].autoindex is defined and item.value.servers[server].autoindex %}
    autoindex on;
 {% endif %}
-{% if item.value.try_files is defined %}
+{% if item.value.servers[server].try_files is defined %}
-    try_files {{ item.value.try_files }};
+    try_files {{ item.value.servers[server].try_files }};
 {% endif %}
-{% if item.value.auth_request is defined %}
+{% if item.value.servers[server].auth_request is defined %}
-    auth_request {{ item.value.auth_request }};
+    auth_request {{ item.value.servers[server].auth_request }};
 {% endif %}
-{% if item.value.auth_request_set is defined %}
+{% if item.value.servers[server].auth_request_set is defined %}
-    auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }};
+    auth_request_set {{ item.value.servers[server].auth_request_set.name }} {{ item.value.servers[server].auth_request_set.value }};
 {% endif %}
-{% if item.value.client_max_body_size is defined and item.value.client_max_body_size %}
+{% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %}
-    client_max_body_size {{ item.value.client_max_body_size }};
+    client_max_body_size {{ item.value.servers[server].client_max_body_size }};
 {% endif %}
-{% if item.value.server_custom_options is defined and item.value.server_custom_options | length %}
+{% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %}
-{% for inline_option in item.value.server_custom_options %}
+{% for inline_option in item.value.servers[server].custom_options %}
    {{ inline_option }};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
+{% if item.value.servers[server].reverse_proxy is defined and item.value.servers[server].reverse_proxy %}
-{% for location in item.value.reverse_proxy.locations %}
+{% for location in item.value.servers[server].reverse_proxy.locations %}
-    location {{ item.value.reverse_proxy.locations[location].location }} {
+    location {{ item.value.servers[server].reverse_proxy.locations[location].location }} {
-{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
+{% if item.value.servers[server].reverse_proxy.locations[location].internal is sameas true %}
        internal;
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].include_files is defined and item.value.reverse_proxy.locations[location].include_files | length %}
+{% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %}
-{% for file in item.value.reverse_proxy.locations[location].include_files %}
+{% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %}
        include "{{ file }}";
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_hide_headers is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers is defined %}
-{% for header in item.value.reverse_proxy.locations[location].proxy_hide_headers %}
+{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers %}
        proxy_hide_header {{ header }};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].add_headers is defined %}
-{% for header in item.value.reverse_proxy.locations[location].add_headers %}
+{% for header in item.value.servers[server].reverse_proxy.locations[location].add_headers %}
-        add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
+        add_header {{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always is defined and item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].auth_request is defined %}
-        auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
+        auth_request {{ item.value.servers[server].reverse_proxy.locations[location].auth_request }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].auth_request_set is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].auth_request_set is defined %}
-        auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }};
+        auth_request_set {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.value }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
+{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic %}
-        auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
+        auth_basic "{{ item.value.servers[server].reverse_proxy.locations[location].auth_basic }}";
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.reverse_proxy.locations[location].auth_basic_user_file %}
+{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file %}
-        auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_user_file }};
+        auth_basic_user_file {{ item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].returns is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].returns is defined %}
-{% for code in item.value.reverse_proxy.locations[location].returns %}
+{% for code in item.value.servers[server].reverse_proxy.locations[location].returns %}
-{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].returns[code] is defined %}
-        return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
+        return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].code }} {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
 {% else %}
-        return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
+        return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout %}
-        proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
+        proxy_connect_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout }};
 {% endif %}
-        proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
+        proxy_pass {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass }};
-{% if item.value.reverse_proxy.locations[location].rewrites is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].rewrites is defined %}
-{% for rewrite in item.value.reverse_proxy.locations[location].rewrites %}
+{% for rewrite in item.value.servers[server].reverse_proxy.locations[location].rewrites %}
        rewrite {{ rewrite }};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout %}
-        proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
+        proxy_read_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.reverse_proxy.locations[location].proxy_send_timeout %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout %}
-        proxy_send_timeout {{ item.value.reverse_proxy.locations[location].proxy_send_timeout }};
+        proxy_send_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body is defined %}
-        proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
+        proxy_pass_request_body {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store is defined %}
-        proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
+        proxy_store {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store_access is defined %}
-        proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
+        proxy_store_access {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store_access }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].allows is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].allows is defined %}
-{% for allow in item.value.reverse_proxy.locations[location].allows %}
+{% for allow in item.value.servers[server].reverse_proxy.locations[location].allows %}
        allow {{ allow }};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].denies is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].denies is defined %}
-{% for deny in item.value.reverse_proxy.locations[location].denies %}
+{% for deny in item.value.servers[server].reverse_proxy.locations[location].denies %}
        deny {{ deny }};
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_set_header is defined %}
-{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
+{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_set_header %}
-        proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
+        proxy_set_header {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].value }};
 {% endfor %}
-{% if item.value.reverse_proxy.locations[location].proxy_http_version is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_http_version is defined %}
-        proxy_http_version {{ item.value.reverse_proxy.locations[location].proxy_http_version }};
+        proxy_http_version {{ item.value.servers[server].reverse_proxy.locations[location].proxy_http_version }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
+{% if item.value.servers[server].reverse_proxy.locations[location].websocket is defined and item.value.servers[server].reverse_proxy.locations[location].websocket %}
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
 {% endif %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].try_files is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].try_files is defined %}
-        try_files {{ item.value.reverse_proxy.locations[location].try_files }};
+        try_files {{ item.value.servers[server].reverse_proxy.locations[location].try_files }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_ssl %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert is defined %}
-        proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }};
+        proxy_ssl_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.key is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key is defined %}
-        proxy_ssl_certificate_key {{ item.value.reverse_proxy.locations[location].proxy_ssl.key }};
+        proxy_ssl_certificate_key {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
-        proxy_ssl_trusted_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
+        proxy_ssl_trusted_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
-        proxy_ssl_server_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
+        proxy_ssl_server_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.name is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name is defined %}
-        proxy_ssl_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.name }};
+        proxy_ssl_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
-        proxy_ssl_protocols {{ item.value.reverse_proxy.locations[location].proxy_ssl.protocols }};
+        proxy_ssl_protocols {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
-        proxy_ssl_ciphers {{ item.value.reverse_proxy.locations[location].proxy_ssl.ciphers }};
+        proxy_ssl_ciphers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify is defined %}
-        proxy_ssl_verify {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
+        proxy_ssl_verify {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
-        proxy_ssl_verify_depth {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth }};
+        proxy_ssl_verify_depth {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
-        proxy_ssl_session_reuse {{ item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
+        proxy_ssl_session_reuse {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
 {% endif %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_redirect is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_redirect is defined %}
-        proxy_redirect {{ item.value.reverse_proxy.locations[location].proxy_redirect | ternary(item.value.reverse_proxy.locations[location].proxy_redirect, "off") }};
+        proxy_redirect {{ item.value.servers[server].reverse_proxy.locations[location].proxy_redirect | ternary(item.value.servers[server].reverse_proxy.locations[location].proxy_redirect, "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache is defined %}
-        proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
+        proxy_cache {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_valid is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid is defined %}
-{% for proxy_cache_valid in item.value.reverse_proxy.locations[location].proxy_cache_valid %}
+{% for proxy_cache_valid in item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid %}
 {% if proxy_cache_valid.code is defined %}
        proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
 {% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
@ -300,42 +302,42 @@ server {
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update is defined %}
-        proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
+        proxy_cache_background_update {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock is defined %}
-        proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
+        proxy_cache_lock {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
-        proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
+        proxy_cache_min_uses {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
-        proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
+        proxy_cache_revalidate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
-        proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
+        proxy_cache_use_stale {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path is defined %}
-        proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
+        proxy_temp_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers is defined %}
-        proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
+        proxy_ignore_headers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].client_max_body_size is defined and item.value.reverse_proxy.locations[location].client_max_body_size %}
+{% if item.value.servers[server].reverse_proxy.locations[location].client_max_body_size is defined and item.value.servers[server].reverse_proxy.locations[location].client_max_body_size %}
-        client_max_body_size {{ item.value.reverse_proxy.locations[location].client_max_body_size }};
+        client_max_body_size {{ item.value.servers[server].reverse_proxy.locations[location].client_max_body_size }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_cookie_path is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path is defined %}
-        proxy_cookie_path {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.replacement }};
+        proxy_cookie_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.replacement }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].proxy_buffering is defined %}
+{% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %}
-        proxy_buffering {{ item.value.reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
+        proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
 {% endif %}
-{% if item.value.reverse_proxy.locations[location].custom_options is defined and item.value.reverse_proxy.locations[location].custom_options | length %}
+{% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %}
-{% for inline_option in item.value.reverse_proxy.locations[location].custom_options %}
+{% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %}
        {{ inline_option }};
 {% endfor %}
 {% endif %}
-{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
+{% if (item.value.servers[server].reverse_proxy.health_check_plus is defined) and item.value.servers[server].reverse_proxy.health_check_plus %}
        health_check;
 {% endif %}
@ -343,66 +345,66 @@ server {
 {% endfor %}
 {% endif %}
-{% if item.value.web_server is defined %}
+{% if item.value.servers[server].web_server is defined %}
-{% for location in item.value.web_server.locations %}
+{% for location in item.value.servers[server].web_server.locations %}
-    location {{ item.value.web_server.locations[location].location }} {
+    location {{ item.value.servers[server].web_server.locations[location].location }} {
-{% if item.value.web_server.locations[location].html_file_location is defined %}
+{% if item.value.servers[server].web_server.locations[location].html_file_location is defined %}
-        root   {{ item.value.web_server.locations[location].html_file_location }};
+        root   {{ item.value.servers[server].web_server.locations[location].html_file_location }};
 {% endif %}
-{% if item.value.web_server.locations[location].html_file_name is defined %}
+{% if item.value.servers[server].web_server.locations[location].html_file_name is defined %}
-        index  {{ item.value.web_server.locations[location].html_file_name }};
+        index  {{ item.value.servers[server].web_server.locations[location].html_file_name }};
 {% endif %}
-{% if item.value.web_server.locations[location].autoindex | default(false) %}
+{% if item.value.servers[server].web_server.locations[location].autoindex | default(false) %}
        autoindex on;
 {% endif %}
-{% if item.value.web_server.locations[location].try_files is defined %}
+{% if item.value.servers[server].web_server.locations[location].try_files is defined %}
-        try_files {{ item.value.web_server.locations[location].try_files }};
+        try_files {{ item.value.servers[server].web_server.locations[location].try_files }};
 {% endif %}
-{% if item.value.web_server.locations[location].include_files is defined and item.value.web_server.locations[location].include_files | length %}
+{% if item.value.servers[server].web_server.locations[location].include_files is defined and item.value.servers[server].web_server.locations[location].include_files | length %}
-{% for file in item.value.web_server.locations[location].include_files %}
+{% for file in item.value.servers[server].web_server.locations[location].include_files %}
        include "{{ file }}";
 {% endfor %}
 {% endif %}
-{% if item.value.web_server.locations[location].custom_options is defined and item.value.web_server.locations[location].custom_options | length %}
+{% if item.value.servers[server].web_server.locations[location].custom_options is defined and item.value.servers[server].web_server.locations[location].custom_options | length %}
-{% for inline_option in item.value.web_server.locations[location].custom_options %}
+{% for inline_option in item.value.servers[server].web_server.locations[location].custom_options %}
        {{ inline_option }};
 {% endfor %}
 {% endif %}
-{% if item.value.web_server.locations[location].proxy_hide_headers is defined %}
+{% if item.value.servers[server].web_server.locations[location].proxy_hide_headers is defined %}
-{% for header in item.value.web_server.locations[location].proxy_hide_headers %}
+{% for header in item.value.servers[server].web_server.locations[location].proxy_hide_headers %}
        proxy_hide_header {{ header }};
 {% endfor %}
 {% endif %}
-{% if item.value.web_server.locations[location].add_headers is defined %}
+{% if item.value.servers[server].web_server.locations[location].add_headers is defined %}
-{% for header in item.value.web_server.locations[location].add_headers %}
+{% for header in item.value.servers[server].web_server.locations[location].add_headers %}
-        add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
+        add_header {{ item.value.servers[server].web_server.locations[location].add_headers[header].name }} "{{ item.value.servers[server].web_server.locations[location].add_headers[header].value }}"{% if item.value.servers[server].web_server.locations[location].add_headers[header].always is defined and item.value.servers[server].web_server.locations[location].add_headers[header].always %} always{% endif %};
 {% endfor %}
 {% endif %}
-{% if item.value.web_server.locations[location].returns is defined %}
+{% if item.value.servers[server].web_server.locations[location].returns is defined %}
-{% for code in item.value.web_server.locations[location].returns %}
+{% for code in item.value.servers[server].web_server.locations[location].returns %}
-{% if item.value.web_server.locations[location].returns[code] is defined %}
+{% if item.value.servers[server].web_server.locations[location].returns[code] is defined %}
-        return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
+        return {{ item.value.servers[server].web_server.locations[location].returns[code].code }} {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
 {% else %}
-        return {{ item.value.web_server.locations[location].returns[code].url }};
+        return {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
+{% if item.value.servers[server].web_server.locations[location].auth_basic is defined and item.value.servers[server].web_server.locations[location].auth_basic %}
-        auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
+        auth_basic "{{ item.value.servers[server].web_server.locations[location].auth_basic }}";
 {% endif %}
-{% if item.value.web_server.locations[location].auth_basic_user_file is defined and item.value.web_server.locations[location].auth_basic_user_file %}
+{% if item.value.servers[server].web_server.locations[location].auth_basic_user_file is defined and item.value.servers[server].web_server.locations[location].auth_basic_user_file %}
-        auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_user_file }};
+        auth_basic_user_file {{ item.value.servers[server].web_server.locations[location].auth_basic_user_file }};
 {% endif %}
-{% if item.value.web_server.locations[location].auth_request is defined %}
+{% if item.value.servers[server].web_server.locations[location].auth_request is defined %}
-        auth_request {{ item.value.web_server.locations[location].auth_request }};
+        auth_request {{ item.value.servers[server].web_server.locations[location].auth_request }};
 {% endif %}
-{% if item.value.web_server.locations[location].auth_request_set is defined %}
+{% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %}
-        auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }};
+        auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }};
 {% endif %}
    }
 {% endfor %}
-{% if item.value.web_server.http_demo_conf %}
+{% if item.value.servers[server].web_server.http_demo_conf %}
    sub_filter_once off;
    sub_filter 'server_hostname' '$hostname';
    sub_filter 'server_address' '$server_addr:$server_port';
@ -416,29 +418,31 @@ server {
    sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
 {% endif %}
 {% endif %}
-{% if item.value.returns is defined %}
+{% if item.value.servers[server].returns is defined %}
-{% for return in item.value.returns %}
+{% for return in item.value.servers[server].returns %}
-    location {{ item.value.returns[return].location }} {
+    location {{ item.value.servers[server].returns[return].location }} {
-        return {{ item.value.returns[return].code }}{% if item.value.returns[return].value is defined %} {{ item.value.returns[return].value }}{% endif %};
+        return {{ item.value.servers[server].returns[return].code }}{% if item.value.servers[server].returns[return].value is defined %} {{ item.value.servers[server].returns[return].value }}{% endif %};
    }
 {% endfor %}
 {% endif %}
-{% if item.value.error_page is defined %}
+{% if item.value.servers[server].error_page is defined %}
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
-        root   {{ item.value.error_page }};
+        root   {{ item.value.servers[server].error_page }};
    }
 {% endif %}
-{% if item.value.access_log is defined %}
+{% if item.value.servers[server].access_log is defined %}
-{% for access_log in item.value.access_log %}
+{% for access_log in item.value.servers[server].access_log %}
    access_log  {{ access_log.location }}  {{ access_log.name }};
 {% endfor %}
 {% endif %}
-{% if item.value.error_log is defined %}
+{% if item.value.servers[server].error_log is defined %}
-    error_log {{ item.value.error_log.location }} {{ item.value.error_log.level }};
+    error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }};
 {% endif %}
 }
 {% endfor %}
 {% endif %}