bookwyrm/nginx/production

include /etc/nginx/conf.d/server_config;

upstream web {
    server web:8000;
}
upstream flower{
    server flower:8888;
}

server {
    listen [::]:80;
    listen 80;

    include /etc/nginx/conf.d/server_name;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/certbot;
    }

    # redirect http to https
    return 301 https://${DOMAIN}$request_uri;
}


server {
    access_log /var/log/nginx/access.log cache_log;

    listen [::]:443 ssl;
    listen 443 ssl;

    http2 on;

    include /etc/nginx/conf.d/server_name;

    client_max_body_size 3M;

    if ($host != "${DOMAIN}") {
        return 301 $scheme://${DOMAIN}$request_uri;
    }

    # SSL code
    ssl_certificate /etc/nginx/ssl/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/${DOMAIN}/privkey.pem;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/certbot;
    }

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    #include /etc/nginx/mime.types;
    #default_type application/octet-stream;

    gzip on;
    gzip_disable "msie6";

    proxy_read_timeout 1800s;
    chunked_transfer_encoding on;

    # store responses to anonymous users for up to 1 minute
    proxy_cache bookwyrm_cache;
    proxy_cache_valid any 1m;
    add_header X-Cache-Status $upstream_cache_status;

    # ignore the set cookie header when deciding to
    # store a response in the cache
    proxy_ignore_headers Cache-Control Set-Cookie Expires;

    # PUT requests always bypass the cache
    # logged in sessions also do not populate the cache
    # to avoid serving personal data to anonymous users
    proxy_cache_methods GET HEAD;
    proxy_no_cache      $cookie_sessionid;
    proxy_cache_bypass  $cookie_sessionid;

    include /etc/nginx/conf.d/locations;

}