##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##


# TODO: in case of API node, update with: http://piston.readthedocs.io/en/develop/public-api.html#nginx-webserver



{% if nginx.get('ssl_key') and nginx.get('ssl_cert') %}

server {
        listen  80;
        server_name {{ nginx['server_name'] }};
        rewrite ^ https://$server_name$request_uri? permanent;
}

server {
        listen 443;
        listen [::]:443;
        server_name {{ nginx['server_name'] }};
        charset utf-8;

        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /etc/nginx/certs/{{ nginx['ssl_cert_basename'] }};
        ssl_certificate_key /etc/nginx/certs/{{ nginx['ssl_key_basename'] }};

        location / { try_files $uri @bts_tools; }
        location @bts_tools {
                # optional password protection
                #auth_basic "Restricted";
                #auth_basic_user_file /home/{{ unix_user }}/.htpasswd;
                include uwsgi_params;
                uwsgi_pass unix:/run/uwsgi/app/bts_tools/socket;
        }
}

{% else %}

server {
        listen 80;
        listen [::]:80;
        server_name {{ nginx['server_name'] }};
        charset utf-8;
        location / { try_files $uri @bts_tools; }
        location @bts_tools {
                # optional password protection
                #auth_basic "Restricted";
                #auth_basic_user_file /home/{{ unix_user }}/.htpasswd;
                include uwsgi_params;
                uwsgi_pass unix:/run/uwsgi/app/bts_tools/socket;
        }
}

{% endif %}

