# http > https
server {
  listen 80;
  server_name ikea-foundation-week-2025.onc.dk;

  root /home/ikea_foundation_2025/week_2025/public;
    
  # Lets encrypt
  location ~ /.well-known {
    allow all;
  }

  location / {
    return 301 https://ikea-foundation-week-2025.onc.dk$request_uri;
  }   
}

# # https
# server {
#   listen 443 ssl;
#   http2 on;
#   
#   server_name ikea-foundation-week-2025.onc.dk;
#   
#   # keepalive_timeout 300;
#   keepalive_timeout 5;
#   client_max_body_size 4G;
#     
#   ssl_certificate /etc/letsencrypt/live/ikea-foundation-week-2025.onc.dk/fullchain.pem; # managed by Certbot
#   ssl_certificate_key /etc/letsencrypt/live/ikea-foundation-week-2025.onc.dk/privkey.pem; # managed by Certbot
#   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# 
#   location / {
#     return 301 https://spotlinks.ikeafoundation.org$request_uri;
#   }  
# }

# # http > https
# server {
#   listen 80;
#   server_name spotlinks.ikeafoundation.org;
# 
#   root /home/ikea_foundation_2025/week_2025/public;
#     
#   # Lets encrypt
#   location ~ /.well-known {
#     allow all;
#   }
# 
#   location / {
#     return 301 https://spotlinks.ikeafoundation.org$request_uri;
#   }   
# }

# Puma
upstream puma_ikea_25 {
  server unix:///home/ikea_foundation_2025/week_2025/tmp/pids/puma.sock fail_timeout=0;
}



# https
server {
  listen 443 ssl;
  http2 on;
  
  # server_name spotlinks.ikeafoundation.org;
  server_name ikea-foundation-week-2025.onc.dk;
  
  # keepalive_timeout 300;
  keepalive_timeout 5;
  client_max_body_size 4G;
    
  # ssl_certificate /etc/letsencrypt/live/spotlinks.ikeafoundation.org/fullchain.pem; # managed by Certbot
  # ssl_certificate_key /etc/letsencrypt/live/spotlinks.ikeafoundation.org/privkey.pem; # managed by Certbot

  ssl_certificate /etc/letsencrypt/live/ikea-foundation-week-2025.onc.dk/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/ikea-foundation-week-2025.onc.dk/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  access_log  /home/ikea_foundation_2025/week_2025/log/httpd-access.log;
  error_log   /home/ikea_foundation_2025/week_2025/log/httpd-errors.log;  

  root /home/ikea_foundation_2025/week_2025/public;

  # App server    
  location @puma_ikea_25 {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded_Proto $scheme;
    proxy_redirect off;
    
    proxy_pass http://puma_ikea_25;
  }

  # Serve static (compiled) assets directly if they exist (for rails production)
  location ~ ^/(assets|packs|static)/ {
    try_files $uri @puma_ikea_25;

    access_log off;
    gzip_static on; 

    expires max;
    add_header Cache-Control public;

    # Some browsers still send conditional-GET requests if there's a
    # Last-Modified header or an ETag header even if they haven't
    # reached the expiry date sent in the Expires header.
    add_header Last-Modified "";
    add_header ETag "";
    break;
  }

  # location /cable {
  #   proxy_pass http://puma_ikea_25;
  #   proxy_http_version 1.1;
  #   proxy_set_header Upgrade $http_upgrade;
  #   proxy_set_header Connection 'upgrade';
  # } 
  
  # Send non-static file requests to the app server
  location / {
    try_files $uri @puma_ikea_25;
  }  
  
  # You can override error pages by redirecting the requests to a file in your
  # application's public folder, if you so desire:
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /home/ikea_foundation_2025/week_2025/public;
  }
}