# A single worker process handles all connections.
worker_processes 1;

# Worker processes run as the unprivileged nobody/nogroup account.
user nobody nogroup;
# NOTE(review): the pid file and error log live in /tmp, which is typically
# world-writable and shared with every local account. Files at predictable
# names there can be pre-created or replaced by other local users; a directory
# writable only by root/nginx (the distribution's run and log directories) is
# the safer home for both — confirm against the deployment scripts that read
# these paths before moving them.
pid /tmp/nginx.pid;
error_log /tmp/nginx.error.log;

# Connection-processing settings for each worker.
events {
    # Upper bound on simultaneous connections per worker (this counts proxied
    # upstream connections as well as client connections).
    worker_connections 1024;
    # Workers do not take turns accepting new connections; with
    # worker_processes set to 1 there is no other worker to contend with.
    accept_mutex off;
}

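# HTTP front end: redirects plain HTTP to HTTPS, terminates TLS, serves
# /static/ from disk and proxies everything else to the gunicorn upstream.
http {
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;

    default_type application/octet-stream;
    # NOTE(review): access log in /tmp (typically world-writable); it records
    # client IPs and full request URIs, so prefer a directory that only
    # root/nginx can write and that unprivileged users cannot read.
    access_log /tmp/nginx.access.log combined;
    sendfile on;

    upstream app_server {
        # fail_timeout=0: always retry the upstream, even after it failed to
        # return a good response.
        # NOTE(review): the socket sits in /tmp; access to the application is
        # then governed only by the socket file's own permissions. A directory
        # restricted to the app and nginx users is safer — confirm how
        # gunicorn creates this socket before moving it.
        server unix:/tmp/gunicorn.sock fail_timeout=0;
        # For a TCP configuration:
        # server 192.168.0.7:8000 fail_timeout=0;
    }

    server {
        listen 80 default_server;
        server_name _;
        # Permanent redirect of all plain-HTTP traffic to HTTPS.
        # $request_uri already carries the query string.
        # NOTE(review): $host is taken from the client's Host header and this
        # catch-all server accepts any value, so the redirect target is
        # client-influenced; pinning the canonical hostname here removes that.
        return 301 https://$host$request_uri;
    }

    server {
        # "ssl" on the listen directive replaces the deprecated "ssl on;".
        listen 443 ssl default_server;
        # Allows request bodies up to 4G — presumably for large uploads;
        # confirm this limit is intended.
        client_max_body_size 4G;
        server_name _;

        keepalive_timeout 5;

        # Relative paths: nginx resolves them against its own prefix, so the
        # effective location depends on how nginx is started. The private key
        # should be readable only by the account that starts nginx.
        ssl_certificate ./certs/quay-unified.cert;
        ssl_certificate_key ./certs/quay.key;
        ssl_session_timeout 5m;
        # SSLv3 (POODLE) and TLSv1.0 are obsolete and no longer offered.
        # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop that
        # parameter on older builds and keep TLSv1.2.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Forward-secret AEAD suites only. The previous list explicitly
        # enabled RC4, LOW, EXP (export-grade) and SSLv3 suites.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
        ssl_prefer_server_ciphers on;

        # Requests whose query string contains _escaped_fragment_ are
        # rewritten to a pre-rendered snapshot under /static/snapshots.
        if ($args ~ "_escaped_fragment_") {
            rewrite ^ /static/snapshots$uri/index.html;
        }

        location /static/ {
            # Served straight from disk. There is no try_files or proxy
            # fallback here, so a missing file yields 404 rather than being
            # passed to the app.
            alias /home/ubuntu/quay/static/;
        }

        location / {
            # $proxy_add_x_forwarded_for appends the peer address to whatever
            # X-Forwarded-For the client sent, so the app should trust only
            # the last entry unless a trusted proxy sits in front of nginx.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # The client's Host header is forwarded unchanged; the app must
            # validate it before using it to build URLs.
            proxy_set_header Host $http_host;
            proxy_redirect off;
            # Responses are streamed to the client without buffering in nginx.
            proxy_buffering off;

            proxy_pass   http://app_server;
        }
    }
}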