server {

  listen 2443 default ssl;
  ssl_protocols TLSv1.2;
  {{ if .Values.global.aafEnabled }}
  ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
  ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
  {{ else }}
  ssl_certificate /etc/ssl/clamp.pem;
  ssl_certificate_key /etc/ssl/clamp.key;
  {{ end }}

  ssl_verify_client optional_no_ca;
    location /restservices/clds/ {
        proxy_pass https://policy-clamp-be:8443;
        proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
    }

  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
  }

  error_page   500 502 503 504  /50x.html;

  location = /50x.html {
    root   /usr/share/nginx/html;
  }

}