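# Plain-HTTP listener. Its only job is to upgrade requests for the site's
# hostname to HTTPS; nothing is meant to be served over port 80.
server {
  server_name {{ impress_hostname }};
  listen 80;
  listen [::]:80;

  # Redirect only when the Host matches our hostname exactly, so the
  # Location header never reflects an arbitrary client-supplied Host.
  if ($host = {{ impress_hostname }}) {
    return 301 https://$host$request_uri;
  }

  # A request with any other Host reaches this point only if this block is
  # acting as the default server for port 80. Without an explicit answer
  # nginx would go on to serve files from its built-in default root over
  # plain HTTP, so refuse instead.
  return 404;
}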

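# HTTPS site: serves static files from the release's public/ directory and
# proxies everything else to the application on 127.0.0.1:3000.
server {
  set $maintenance 0; # To enable maintenance mode, set this to 1.

  server_name {{ impress_hostname }};
  listen 443 ssl;
  listen [::]:443 ssl;

  # Certificate, key, protocol/cipher options and DH parameters all come from
  # the Let's Encrypt directory for this hostname.
  # NOTE(review): no Strict-Transport-Security header is set in this block;
  # the included options file is not visible here - confirm whether HSTS is
  # wanted alongside the port-80 redirect.
  ssl_certificate /etc/letsencrypt/live/{{ impress_hostname }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ impress_hostname }}/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127

  root /srv/impress/current/public;

  # Serve assets using their precompressed *.gz versions.
  # The filenames contain content hashes, so they should be safe to
  # cache forever.
  # https://stackoverflow.com/a/6952804/107415
  #
  # add_header directives in a location replace, rather than extend, any
  # add_header set at server level. Response security headers added to this
  # server later must therefore be repeated here to reach asset responses.
  location ~ ^/assets/ {
    gzip_static on;
    expires     max;
    add_header  Cache-Control public;
    # Empty values are intended to strip the validators, since the content
    # hash in the filename already identifies the exact version.
    add_header  Last-Modified "";
    add_header  ETag "";
  }

  # Directory listings are on for this path: every file name under
  # public/public-data/ is visible to anyone, so only place files there that
  # are meant to be world-readable.
  location /public-data/ {
    autoindex on;
  }

  # On status 503, return the maintenance page. (We'll trigger this ourselves
  # in the @app location, if $maintenance is on.)
  error_page 503 /maintenance.html;

  # On status 502, return the outage page. (nginx will trigger this if the
  # `proxy_pass` to the application fails.)
  error_page 502 /outage.html;

  # Try serving static files first. If not found, fall back to the app.
  try_files $uri/index.html $uri @app;

  location @app {
    # If we're hardcoded as being in maintenance mode, return status 503, which
    # will show the maintenance page as specified above.
    if ($maintenance = 1) {
      return 503;
    }

    proxy_pass http://127.0.0.1:3000;

    # X-Real-IP is taken from the TCP peer only. X-Forwarded-For is the
    # client-supplied header with $remote_addr appended, so only its last
    # entry is set by this nginx; the app should not trust earlier entries.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Server $host;

    # Forward nginx's normalised host name (lower-cased, port stripped, never
    # empty) instead of the raw client header in $http_host, so the app does
    # not build URLs from unvalidated Host bytes.
    # NOTE(review): if this block is also the default server for port 443,
    # requests for other host names still reach the app - confirm a catch-all
    # default server exists.
    proxy_set_header Host $host;
    proxy_redirect off;
  }
}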