# forward 80 http request to https
#server {
#    listen 80;
#    server_name {{domain_name}};
#    location / {
#       return 301 https://$host$request_uri;
#    }
#    location /.well-known/acme-challenge/ {
#        root /var/www/certbot;
#    }
#}

# duniter g1 bmas
server {
    listen 10900 ssl;
    server_name {{domain_name}};
    ssl_certificate /etc/letsencrypt/live/{{domain_name}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://{{inventory_hostname}}:11900;
    }
}

# duniter g1-test bmas
server {
    listen 10901 ssl;
    server_name {{domain_name}};
    ssl_certificate /etc/letsencrypt/live/{{domain_name}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://{{inventory_hostname}}:11901;
    }
}

# duniter g1 g1-test ws2p ssl
server {
    listen 443 ssl;
    server_name {{domain_name}};
    ssl_certificate /etc/letsencrypt/live/{{domain_name}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location /g1 {
        # required for websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;

        proxy_pass http://{{inventory_hostname}}:21900;
    }

    location /g1-test {
        # required for websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;

        proxy_pass http://{{inventory_hostname}}:21901;
    }
}