deploy/templates/nginx.static.ssl.conf.j2
author ymh <ymh.work@gmail.com>
Tue, 29 Mar 2022 12:01:13 +0200
changeset 23 cd25fa7db90c
parent 10 28971cf04a91
permissions -rw-r--r--
Correct deploy script

# Upstream group for the annotations API; the HTTPS server block hands
# requests to it through uwsgi_pass.
upstream {{annotations_api_upstream_name}} {
    # Primary backend; host and port come from the deployment variables.
    server {{annotations_api_host}}:{{annotations_api_port}};
    # Backup entry, tried only when the primary is unavailable. No port is
    # given, so nginx uses its default of 80 for this entry.
    # NOTE(review): port 80 on this host is the HTTP redirect listener defined
    # in this file, not a uwsgi service - confirm that is the intended fallback.
    server 127.0.0.1 backup;
}

# Upstream group for the discussions API; the HTTPS server block hands
# requests to it through uwsgi_pass.
upstream {{discussions_api_upstream_name}} {
    # Primary backend; host and port come from the deployment variables.
    server {{discussions_host}}:{{discussions_port}};
    # Backup entry, tried only when the primary is unavailable. No port is
    # given, so nginx uses its default of 80 for this entry.
    # NOTE(review): port 80 on this host is the HTTP redirect listener defined
    # in this file, not a uwsgi service - confirm that is the intended fallback.
    server 127.0.0.1 backup;
}


# Plain-HTTP listener (IPv4 and IPv6): serves no content and answers every
# request with a permanent redirect to the same host and URI over HTTPS.
server {
    listen 80;
    listen [::]:80;

    server_name {{static_server_name}};
    # $host is derived from the request (request line or Host header) and only
    # falls back to server_name when the client sends neither.
    # NOTE(review): if this block ends up as the default server for port 80,
    # the redirect target follows whatever Host value the client supplied;
    # redirecting to the configured name would pin it - check how server_name
    # is rendered (single name vs. list) before changing.
    return 301 https://$host$request_uri;
}

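# HTTPS listener (IPv4 and IPv6, HTTP/2): serves the static site from the
# deployed directory and forwards the two API URL prefixes to their uwsgi
# upstreams.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name {{static_server_name}};

    # Per-site log files, named after the server name.
    access_log /var/log/nginx/{{static_server_name}}-access.log;
    error_log /var/log/nginx/{{static_server_name}}-error.log;

    # Certificate chain and private key from the Let's Encrypt live directory
    # for this server name; nginx will not start if these files are missing.
    ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 when the target runs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; older builds reject that parameter.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Forward-secret suites only. The EDH entries are negotiated only when
    # ssl_dhparam is configured (nginx 1.11.0+ ships no built-in DH
    # parameters); none is set in this file.
    # NOTE(review): AES256+EECDH and AES256+EDH also admit CBC-mode suites;
    # restrict to AEAD suites if every expected client supports them.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # NOTE(review): no Strict-Transport-Security header is sent. Consider
    # adding one once every name served here is confirmed to be HTTPS-only.

    root {{remote_static_path}}/;
    index index.html index.htm;

    # ACME HTTP-01 challenge files written by the Let's Encrypt client are
    # served as plain text; anything not present on disk returns 404.
    location /.well-known/acme-challenge {
        alias /var/lib/letsencrypt/.well-known/acme-challenge;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Annotations API: passed over the uwsgi protocol with the stock
    # uwsgi_params variable set.
    location {{annotations_api_url}}/ {
        uwsgi_pass  {{annotations_api_upstream_name}};
        include /etc/nginx/uwsgi_params;
    }

    # Discussions API: passed over the uwsgi protocol with the stock
    # uwsgi_params variable set.
    location {{discussions_url}}/ {
        uwsgi_pass  {{discussions_api_upstream_name}};
        include /etc/nginx/uwsgi_params;
    }

    location / {
        # First attempt to serve the request as a file, then as a directory,
        # then fall back to /index.html. Unknown paths therefore return the
        # index page rather than a 404.
        try_files $uri $uri/ /index.html;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }
}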