upstream app_server {
    server 127.0.0.1:8000 fail_timeout=10 max_fails=3 ;
}

upstream icon_server {
    server 127.0.0.1:8008 fail_timeout=2 max_fails=3;
    server 127.0.0.1:8000 backup;
}

upstream websocket_server {
    server 127.0.0.1:8008 fail_timeout=2 max_fails=3;
}


server {
    listen   80 default_server;
    
    server_name _;
    
    return 301 https://$host$request_uri;
}

server {
    listen   443 ssl default_server;

    ssl_certificate         /srv/secrets-newsblur/certificates/newsblur.com.crt;
    ssl_certificate_key     /srv/secrets-newsblur/certificates/newsblur.com.key;

    client_max_body_size 4M;
    server_name *.nb.local.com nb.local.com localhost;
    add_header X-nginx-server nginx_none;
    
    # kill cache
    add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
        
#    if ($host = 'newsblur.com') {
#        rewrite  ^/(.*)$  https://www.newsblur.com/$1  permanent;
#    }

    if (-f /srv/newsblur/templates/maintenance_on.html) {
        return 503;
    }
    
    error_page 502 @down;
    location @down {
        root /srv/newsblur/;
        rewrite ^(.*)$ /templates/502.html break;
    }
    
    error_page 503 @maintenance;
    location @maintenance {
        if ($uri !~ ^/media/) {
            root /srv/newsblur/;
            rewrite ^(.*)$ /templates/maintenance_on.html break;
        }
        root /srv/newsblur;
    }
    
    error_page 504 @timeout;
    location @timeout {
        root /srv/newsblur/;
        rewrite ^(.*)$ /templates/502.html break;
    }

    location /media/  {
        expires max;
        keepalive_timeout 1;
        root /srv/newsblur;
    }

    location /static/  {
        expires max;
        keepalive_timeout 1;
        root /srv/newsblur;
    }

    location /favicon.ico {
        alias      /srv/newsblur/media/img/favicon_32.png;
        expires max;
        access_log off;
    }

    location /maintenance {
        alias      /srv/newsblur/templates/maintenance_on.html;
        expires max;
        access_log off;
    }

    location ^~ /crossdomain.xml {
        expires max;
        alias /srv/newsblur/media/crossdomain.xml;
        types {
            text/x-cross-domain-policy  xml;
        }
    }

    location ^~ /robots.txt {
        expires max;
        alias /srv/newsblur/media/robots.txt;
    }

    location /munin/static/ {
        alias /etc/munin/static/;
    }

    location /munin/ {
        # alias  /var/cache/munin/www/;
        fastcgi_split_path_info ^(/munin)(.*);
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/var/run/munin/fcgi-html.sock;
        include fastcgi_params;
    }
    
    location ^~ /cgi-bin/munin-cgi-graph/ {
        fastcgi_split_path_info ^(/cgi-bin/munin-cgi-graph)(.*);
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
        include fastcgi_params;
    }

    location ^~ /rss_feeds/icon/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        
        proxy_pass http://icon_server;
    }
    location ^~ /v3/socket.io/ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        
        proxy_pass http://websocket_server;
    }
    
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://app_server;
            break;
        }
    }

}