upstream web {
    server web:8000;
}

server {
    listen [::]:80;
    listen 80;

    server_name bookwyrm.social www.bookwyrm.social;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/certbot;
    }

    # redirect http to https www
    return 301 https://www.bookwyrm.social$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    server_name bookwyrm.social;

    # SSL code
    ssl_certificate /etc/nginx/ssl/live/bookwyrm.social/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/bookwyrm.social/privkey.pem;

    location / {
        proxy_pass http://web;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /images/ {
        alias /app/images/;
    }

    location /static/ {
        alias /app/static/;
    }
}