upstream <%= app_name %> {
	server unix:/tmp/unicorn.<%= app_name %>.sock fail_timeout=0;
}

server {
  listen 443 ssl;
  server_name <%= @domain %>;

  index index.html;
  root /home/deploy/apps/<%= app_name %>/public;
  try_files $uri/index.html $uri @app;

  location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # enable this if you forward HTTPS traffic to unicorn,
    # this helps Rack set the proper URL scheme for doing redirects:
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://<%= app_name %>;
  }

  client_max_body_size 100m;

  error_page 500 502 503 504 /500.html;

  location ~ ^/assets/ {
    expires 1y;
    add_header Cache-Control public;
    add_header ETag "";

    if ($request_filename ~* ^.*?\.(eot)|(ttf)|(woff)|(svg)|(otf)$){
      add_header Access-Control-Allow-Origin *;
    }
    break;
  }

  location ~ ^/(assets)/  {
    root /home/deploy/apps/<%= app_name %>/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  # Let's Encrypt certificates
  ssl_certificate /etc/letsencrypt/live/<%= @domain %>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<%= @domain %>/privkey.pem;

  location /home/deploy/apps/<%= app_name %>/public/.well-known {
  	allow all;
  }
}


server {
  listen 80;
  server_name <%= @domains.join(' ') %>;
  return 301 https://<%= @domain %>$request_uri;
}

<% if @www_domain %>
server {
  listen 443 ssl;
  server_name <%= @www_domain %>;
  return 301 $scheme://<%= @domain %>$request_uri;

  # Let's Encrypt certificates
  ssl_certificate /etc/letsencrypt/live/<%= @domain %>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<%= @domain %>/privkey.pem;
}
<% end %>