ebeigarts/-

## -
{{ range $port_map := .PROXY_PORT_MAP | split " " }}
{{ $port_map_list := $port_map | split ":" }}
{{ $scheme := index $port_map_list 0 }}
{{ $listen_port := index $port_map_list 1 }}
{{ $upstream_port := index $port_map_list 2 }}

server {
  {{ if eq $scheme "http" }}
    listen      [::]:{{ $listen_port }} default_server;
    listen      {{ $listen_port }} default_server;
    {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}
  {{ else if eq $scheme "https"}}
    listen      [::]:{{ $listen_port }} ssl http2 default_server;
    listen      {{ $listen_port }} ssl http2 default_server;
    {{ if $.SSL_SERVER_NAME }}server_name {{ $.SSL_SERVER_NAME }}; {{ end }}
    {{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}

    ssl_certificate     {{ $.APP_SSL_PATH }}/server.crt;
    ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

    keepalive_timeout   70;
  {{ end }}

  access_log  /var/log/nginx/{{ $.APP }}-access.log;
  error_log   /var/log/nginx/{{ $.APP }}-error.log;

  client_max_body_size 512M;

  gzip on;
  gzip_min_length  1100;
  gzip_buffers  4 32k;
  gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
  gzip_vary on;
  gzip_comp_level  6;

  location /pictures {
    root /home/efoto;
  }

  location / {
    # Skip redirect for EPL client
    if ($request_uri ~* \.php) {
      set $redirect_test "0";
    }
    # Redirect http to https
    if ($scheme != "https") {
      set $https_redirect_test "${redirect_test}1";
    }
    if ($https_redirect_test = "1") {
      rewrite ^(.*)$ https://www.vitafoto.lv$1 permanent;
    }
    # Redirect to www.vitafoto.lv
    if ($host != "www.vitafoto.lv") {
      set $www_redirect_test "${redirect_test}1";
    }
    if ($www_redirect_test = "1") {
      rewrite ^(.*)$ https://www.vitafoto.lv$1 permanent;
    }

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    proxy_pass  http://{{ $.APP }}-{{ $upstream_port }};
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Request-Start $msec;
  }
  include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
}
{{ end }}

{{ if $.DOKKU_APP_LISTENERS }}
{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS | split " " }}
upstream {{ $.APP }}-{{ $upstream_port }} {
{{ range $listeners := $.DOKKU_APP_LISTENERS | split " " }}
{{ $listener_list := $listeners | split ":" }}
{{ $listener_ip := index $listener_list 0 }}
{{ $listener_port := index $listener_list 1 }}
  server {{ $listener_ip }}:{{ $upstream_port }};{{ end }}
}
{{ end }}{{ end }}
	{{ range $port_map := .PROXY_PORT_MAP \| split " " }}
	{{ $port_map_list := $port_map \| split ":" }}
	{{ $scheme := index $port_map_list 0 }}
	{{ $listen_port := index $port_map_list 1 }}
	{{ $upstream_port := index $port_map_list 2 }}

	server {
	{{ if eq $scheme "http" }}
	listen [::]:{{ $listen_port }} default_server;
	listen {{ $listen_port }} default_server;
	{{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}
	{{ else if eq $scheme "https"}}
	listen [::]:{{ $listen_port }} ssl http2 default_server;
	listen {{ $listen_port }} ssl http2 default_server;
	{{ if $.SSL_SERVER_NAME }}server_name {{ $.SSL_SERVER_NAME }}; {{ end }}
	{{ if $.NOSSL_SERVER_NAME }}server_name {{ $.NOSSL_SERVER_NAME }}; {{ end }}

	ssl_certificate {{ $.APP_SSL_PATH }}/server.crt;
	ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	keepalive_timeout 70;
	{{ end }}

	access_log /var/log/nginx/{{ $.APP }}-access.log;
	error_log /var/log/nginx/{{ $.APP }}-error.log;

	client_max_body_size 512M;

	gzip on;
	gzip_min_length 1100;
	gzip_buffers 4 32k;
	gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
	gzip_vary on;
	gzip_comp_level 6;

	location /pictures {
	root /home/efoto;
	}

	location / {
	# Skip redirect for EPL client
	if ($request_uri ~* \.php) {
	set $redirect_test "0";
	}
	# Redirect http to https
	if ($scheme != "https") {
	set $https_redirect_test "${redirect_test}1";
	}
	if ($https_redirect_test = "1") {
	rewrite ^(.*)$ https://www.vitafoto.lv$1 permanent;
	}
	# Redirect to www.vitafoto.lv
	if ($host != "www.vitafoto.lv") {
	set $www_redirect_test "${redirect_test}1";
	}
	if ($www_redirect_test = "1") {
	rewrite ^(.*)$ https://www.vitafoto.lv$1 permanent;
	}

	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
	proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $http_host;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-For $remote_addr;
	proxy_set_header X-Forwarded-Port $server_port;
	proxy_set_header X-Request-Start $msec;
	}
	include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
	}
	{{ end }}

	{{ if $.DOKKU_APP_LISTENERS }}
	{{ range $upstream_port := $.PROXY_UPSTREAM_PORTS \| split " " }}
	upstream {{ $.APP }}-{{ $upstream_port }} {
	{{ range $listeners := $.DOKKU_APP_LISTENERS \| split " " }}
	{{ $listener_list := $listeners \| split ":" }}
	{{ $listener_ip := index $listener_list 0 }}
	{{ $listener_port := index $listener_list 1 }}
	server {{ $listener_ip }}:{{ $upstream_port }};{{ end }}
	}
	{{ end }}{{ end }}