netz39-infra-ansible/roles/nginx-https-ingress/templates/passthrough.conf.j2

# SSL passthrough matrix

stream {
  map $ssl_preread_server_name $name {
{% for i in ingress %}
{%   if 'hosts' in i %}
{%     for host in i.hosts %}
{%       if host.local is not defined or host.local == False %}
    {{ host.name }} {{ i.server }};
{%       endif%}
{%     endfor %}
{%   endif %}
{% endfor %}
  }

{% for i in ingress %}
  upstream {{ i.server }} {
    server {{ i.server }}.n39.eu:443;
  }
{% endfor %}

  server {
    listen 443;
    proxy_pass $name;
    ssl_preread on;
  }
}