#####################################################
# The Zen Garden Network                            #
#                                                   #
# Configuration : {{ proxy_site_conf_dir }}/{{ item.key }}.conf  #
# Version       : {{ proxy_site_version }}-{{ proxy_site_revision }}               #
#                                                   #
# Chris H. <chris@thezengarden.net>                 #
#####################################################


### Configuration for: {{ item.key }}
################################################
{% if proxy_site_dontlog_ips is defined %}
map $remote_addr $log_ip {
{% for item in proxy_site_dontlog_ips %}
"~{{ item }}" 1;
{% endfor %}
default 0;
}
{% endif %}


server {
  listen 443 ssl;
  server_name {{ item.key }} {% if proxy_sites[item.key]['aliases'] is defined %}{{ proxy_sites[item.key]['aliases'] }}{% endif %};

  ssl_certificate           {{ proxy_sites[item.key]['ssl_cert'] | default(proxy_site_ssl_certificate) }};
  ssl_certificate_key       {{ proxy_sites[item.key]['ssl_key'] | default(proxy_site_ssl_certificate_key) }};
  ssl_session_cache shared:SSL:10m;
  ssl_protocols  {{ proxy_site_ssl_protocols }};
  ssl_ciphers {{ proxy_site_ssl_ciphers }};
  ssl_prefer_server_ciphers on;

  {% if proxy_site_dontlog_ips is defined %}
  access_log    {{ proxy_site_log_path }}/{{ item.key }}.log if=$log_ip;
  {% else %}
access_log    {{ proxy_site_log_path }}/{{ item.key }}.log;
  {% endif %}

  {% if proxy_sites[item.key]['max_upload'] is defined %}
client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
  {% endif %}

  {% if proxy_sites[item.key]['status_page'] is defined %}
location /nginx_status {
    stub_status;
  }
  {% endif %}

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $host;

    proxy_set_header   Upgrade            $http_upgrade;
    proxy_set_header   Connection         "upgrade";

    proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};


    # re-write redirects to http as to https
    proxy_redirect http:// https://;
  }

{% if item.key == "seafile.thezengarden.net" %}
  location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['seafhttp_port'] }};
    client_max_body_size 0;

    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;
    proxy_request_buffering off;
  }
{% endif %}
}