{{ range $host, $containers := groupBy $ "Env.VIRTUAL_HOST" }}
upstream {{ $host }} {

{{ range $index, $value := $containers }}

	{{ $addrLen := len $value.Addresses }}
	{{/* If only 1 port exposed, use that */}}
	{{ if eq $addrLen 1 }}
		{{ with $address := index $value.Addresses 0 }}
		   # {{$value.Name}}
		   server {{ $address.IP }}:{{ $address.Port }};
		{{ end }}

	{{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var */}}
	{{ else if $value.Env.VIRTUAL_PORT }}
		{{ range $i, $address := $value.Addresses }}
		   {{ if eq $address.Port $value.Env.VIRTUAL_PORT }}
		   # {{$value.Name}}
		   server {{ $address.IP }}:{{ $address.Port }};
		   {{ end }}
		{{ end }}

	{{/* Else default to standard web port 80 */}}
	{{ else }}
		{{ range $i, $address := $value.Addresses }}
		   {{ if eq $address.Port "80" }}
		   # {{$value.Name}}
		   server {{ $address.IP }}:{{ $address.Port }};
		   {{ end }}
		{{ end }}
        {{ end }}
{{ end }}
}

server {
	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

	server_name {{ $host }};
        proxy_buffering off;

	location / {
	    proxy_pass http://{{ $host }};
	    include /etc/nginx/proxy_params;
	}
}
{{ end }}

{{ range $host, $containers := groupBy $ "Env.VIRTUAL_SSL_HOST" }}
upstream ssl-{{ $host }} {

{{ range $index, $value := $containers }}
        {{ if $value.Env.VIRTUAL_SSL_PORT }}
                {{ range $i, $address := $value.Addresses }}
                   {{ if eq $address.Port $value.Env.VIRTUAL_SSL_PORT }}
                   # {{$value.Name}}
                   server {{ $address.IP }}:{{ $address.Port }};
                   {{end}}
                {{end}}
        {{ else }}
                {{ range $i, $address := $value.Addresses }}
                   {{ if eq $address.Port "443" }}
                   # {{$value.Name}}
                   server {{ $address.IP }}:{{ $address.Port }};
                   {{ end }}
                {{ end }}
        {{ end }}
{{ end }}
}

server {
        listen 443 ssl;

        server_name {{ $host }};
        proxy_buffering off;

        location / {
            proxy_pass https://ssl-{{ $host }};
            include /etc/nginx/proxy_params;
        }
}
{{ end }}

{{/* Should consider retrieving proper certs from a remote server, keyed by $VIRTUAL_SSL_HOST */}}
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout  5m;
ssl_protocols        SSLv3 TLSv1;
ssl_ciphers          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers   on;