upstream puma_<%= fetch(:full_app_name) %> { <%
  flags = 'fail_timeout=0'
  @backends = [fetch(:puma_bind)].flatten.map do |m|
  etype, address  = /(tcp|unix|ssl):\/{1,2}(.+)/.match(m).captures
  if etype =='unix'
    "server #{etype}:#{address} #{fetch(:nginx_socket_flags)};"
  else
    "server #{address.gsub(/0\.0\.0\.0(.+)/, "127.0.0.1\\1")} #{fetch(:nginx_http_flags)};"
  end
end
%><% @backends.each do |server|  %>
  <%= server %><% end %>
}

server {
  listen 80;
  listen [::]:80;
  server_name <%= fetch(:server_name) %> www.<%= fetch(:server_name) %>;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name <%= fetch(:server_name) %>;

  root <%= current_path %>/public;
  try_files $uri/index.html $uri @puma_<%= fetch(:full_app_name) %>;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    access_log off;
    add_header Cache-Control public;
  }

  location @puma_<%= fetch(:full_app_name) %> {
    proxy_set_header   Host $http_host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_pass http://puma_<%= fetch(:full_app_name) %>;
    # limit_req zone=one;
  }

  # Setup SSL certs
  ssl                   on;
  ssl_certificate       <%= fetch(:ssl_certificate) %>;
  ssl_certificate_key   <%= fetch(:ssl_certificate_key) %>;

  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  # Logging and miscellaneous settings
  access_log            <%= shared_path %>/log/nginx.access.log;
  error_log             <%= shared_path %>/log/nginx.error.log;
  rewrite_log           on;

  client_max_body_size 25m;
  keepalive_timeout 10;

  # Redirect server error pages to the static page /50x.html
  error_page 500 502 503 504 /50x.html;

  location = /50x.html {
    root html;
  }

  location = /404.html {
    root html;
  }

  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  if (-f $document_root/system/maintenance.html) {
    return 503;
  }

  location ~ \.(php)$ {
    return 405;
  }
}