map $sent_http_content_type $expires {
  "text/html" epoch;
  "text/html; charset=utf-8" epoch;
  default off;
}

map $request_uri $cache_tag {
  ~/uploads/ "public, max-age=2592000";
  default "";
}

server {
  listen 80;
  server_name {{ domainName }} www.{{ domainName }};
  rewrite ^(.*) https://{{ domainName }}$1 permanent;
}

server {
  listen 443 ssl http2;
  server_name {{ domainName }} www.{{ domainName }};

  if ($host = 'www.{{ domainName }}') {
    return 301 https://{{ domainName }}$request_uri;
  }

  gzip on;
  gzip_types text/plain application/xml text/css application/javascript;
  gzip_min_length 1000;

  location / {
    add_header Access-Control-Allow-Origin *;
    expires $expires;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 1m;
    proxy_connect_timeout 1m;
    proxy_pass http://127.0.0.1:{{ nuxtPort }}/;

    rewrite ^/(.*)/$ /$1 permanent;
  }

  location /cms/ {
    add_header Cache-Control $cache_tag;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_cache_bypass $http_upgrade;
    proxy_pass http://127.0.0.1:{{ pruviousPort }}/;
  }

  ssl_certificate /etc/letsencrypt/live/{{ domainName }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ domainName }}/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
