server {
  listen 80 default_server;
  listen [::]:80 default_server;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  client_max_body_size 5g;

  ssl on;

  ssl_certificate /etc/letsencrypt/live/ketrenos.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/ketrenos.com/privkey.pem;

  root /website;
  index index.html;

  access_log /var/log/nginx/access.log;
  error_log stderr;

  autoindex on;

  # 'active.conf' is copied during docker build based on whether
  # DEVELOPMENT is set (development.conf) or not (production.conf)
  include snippets/active.location;
  
  # proxy_pass has automatic redirect from v1 -> v1/
  location /api/v1/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass_header Set-Cookie;
    proxy_pass_header P3P;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://localhost:8123/api/v1/;
  }

  # This routes all traffic to the Node Express server
  #
  # Eventually, a SSO layer in nginx can be used so the Express
  # server does not need to be part of serving static content.
  #
  # See https://gist.github.com/mjbnz/b402edf819a69e517b0c59710f291da9
  # for example.
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass_header Set-Cookie;
    proxy_pass_header P3P;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://localhost:8123/;      # server/app.js - no HTTPS
  }

  location ~ /(db|conf) {
    deny all;
    return 404;
  }
}