merged reverse proxy role, added docu

templates/upstreams.conf.j2

@@ -0,0 +1,9 @@
+{% for upstreamname in nginx.upstreams %}
+{% set upstream = nginx.upstreams[upstreamname] %}
+upstream {{ upstreamname }} {
+{% for s in upstream.server  %}
+        server {{ s.address }} {%if s.resolve|d(False) %}resolve{% endif %};
+{% endfor %}
+}
+
+{% endfor %}

templates/vhost.j2

@@ -0,0 +1,41 @@
+{% set vhost = item.value %}
+{% set vhost_name = item.key %}
+{% set vhost_listen = vhost.listen|default({}) %}
+
+server {
+	server_name {{ vhost.servername|join(' ') }};
+
+	{% if vhost_listen.ssl|default(True) %}
+	listen {{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
+	listen [::]:{{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
+	{% endif %}
+	{% if vhost_listen.nossl|default(False) %}
+	listen {{ vhost_listen.nossl_port|default(80) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
+	listen [::]:{{ vhost_listen.nossl_port|default(80) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
+	{% endif %}
+
+	{% if vhost.backend|default(False) %}
+	location / {
+		proxy_pass {{ vhost.backend }};
+
+		# add proxy headers
+		proxy_set_header  Host $host;
+		proxy_set_header  X-Real-IP        $remote_addr;
+		proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
+
+		# hide downstream headers for security reasons
+		proxy_hide_header X-Powered-By;
+		proxy_hide_header Server;
+		proxy_hide_header X-AspNetMvc-Version;
+		proxy_hide_header X-AspNet-Version;
+	}
+	{% endif %}
+
+	{% if vhost.letsencrypt|d(True) %}
+		ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
+		ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
+		ssl_trusted_certificate /etc/ssl/letsencrypt_full_chain.crt;
+		ssl_stapling_verify on;
+		ssl_stapling on;
+	{% endif %}
+}