worker_processes {{ parameter_dict['workers-processes'] }};

pid {{ parameter_dict['pid-file'] }};
error_log {{ parameter_dict['error-log'] }};

daemon off;

events {
  worker_connections 1024;
  accept_mutex off;
}

http {
    # include mime.types;
    default_type application/octet-stream;
    access_log {{ parameter_dict['access-log'] }} combined;
    client_max_body_size 10M;
    map $http_upgrade $connection_upgrade {
      default upgrade;
      ''      close;
    }
    sendfile on;

    upstream app_server {
      # for UNIX domain socket setups
      server unix:{{ parameter_dict['socket'] }} fail_timeout=0;
    }

    {% if parameter_dict['cert-file'] and parameter_dict['key-file'] -%}
    server {
      listen [{{ parameter_dict['ip'] }}]:{{ parameter_dict['https-port'] }} ssl;
      server_name _;
      ssl_certificate     {{ parameter_dict['cert-file'] }};
      ssl_certificate_key {{ parameter_dict['key-file'] }};
      ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers         ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers on;
      keepalive_timeout 90s;
      client_body_temp_path {{ parameter_dict['client-body-temp-path'] }};
      proxy_temp_path {{ parameter_dict['proxy-temp-path'] }};
      fastcgi_temp_path {{ parameter_dict['fastcgi-temp-path'] }};
      uwsgi_temp_path {{ parameter_dict['uwsgi-temp-path'] }};
      scgi_temp_path {{ parameter_dict['scgi-temp-path'] }};

      location / {
          proxy_redirect off;
          proxy_set_header   X-Forwarded-Proto $scheme;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Host  $http_host;
          proxy_set_header   Host $http_host;
          proxy_set_header   Authorization $http_authorization;
          proxy_pass_header  Authorization;
          proxy_connect_timeout 90;
          proxy_send_timeout    90;
          proxy_read_timeout    90;
          send_timeout          90;

          proxy_pass http://app_server;
      }
    }
    {% endif -%}

    server {
      listen [{{ parameter_dict['ip'] }}]:{{ parameter_dict['port'] }};
      server_name _;
      keepalive_timeout 90s;
      client_body_temp_path {{ parameter_dict['client-body-temp-path'] }};
      proxy_temp_path {{ parameter_dict['proxy-temp-path'] }};
      fastcgi_temp_path {{ parameter_dict['fastcgi-temp-path'] }};
      uwsgi_temp_path {{ parameter_dict['uwsgi-temp-path'] }};
      scgi_temp_path {{ parameter_dict['scgi-temp-path'] }};

      location ~ ^(/admin|/user) {
        # http is not used for /admin and /user
      }

      location / {
          proxy_redirect off;
          proxy_set_header   X-Forwarded-Proto $scheme;
          proxy_set_header   X-Real-IP $remote_addr;
          proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Host  $http_host;
          proxy_set_header   Host $http_host;
          proxy_set_header   Authorization $http_authorization;
          proxy_pass_header  Authorization;
          proxy_connect_timeout 90;
          proxy_send_timeout    90;
          proxy_read_timeout    90;
          send_timeout          90;

          proxy_pass http://app_server;
      }
    }
}