## loomio ##############################################
upstream coreos-loomio {
    keepalive 100;
    server coreos.example.com:8001;
 }

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name  
        loomio.example.com
        ;
    
    # SSL specifique
    ssl_certificate           /etc/letsencrypt/certs/loomio_ca.crt;
    ssl_certificate_key       /etc/letsencrypt/private/loomio.key;
    ## HTTPS config
    ssl_session_timeout 10m;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ## Send header to tell the browser to prefer https to http traffic
    add_header Strict-Transport-Security max-age=31536000;

    # Logging
    access_log            /var/log/nginx/loomio_access.log;
    access_log            /var/log/nginx/loomio_upstream.log upstreamlog;
    error_log             /var/log/nginx/loomio_error.log;
   
    location / {
      # mêmes paramètres pour tout le monde
      include conf.d/proxy.ini;

      # le reste du chemin est en HTTP dans le LAN
      # cf conf.d/upstream.ini
      proxy_pass          http://coreos-loomio;

      ## assure de garder le keepalive actif
      proxy_set_header Connection "";
      proxy_read_timeout     300;
      proxy_connect_timeout  300;
    }
}

## faye ################################################
upstream coreos-loomio-faye {
    keepalive 100;
    server server coreos.example.com:8001;
}

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name  
        faye.loomio.example.com
        ;
    
    # SSL specifique
    ssl_certificate           /etc/letsencrypt/certs/faye.loomio_ca.crt;
    ssl_certificate_key       /etc/letsencrypt/private/faye.loomio.key;
    ## HTTPS config
    ssl_session_timeout 10m;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ## Send header to tell the browser to prefer https to http traffic
    add_header Strict-Transport-Security max-age=31536000;

    # Logging
    access_log            /var/log/nginx/loomio-faye_access.log;
    access_log            /var/log/nginx/loomio-faye_upstream.log upstreamlog;
    error_log             /var/log/nginx/loomio-faye_error.log;
    
    location / {
      # mêmes paramètres pour tout le monde
      include conf.d/proxy.ini;
 
      # le reste du chemin est en HTTP dans le LAN
      proxy_pass          http://coreos-loomio-faye;

      ## assure de garder le keepalive actif
      proxy_set_header Connection "";
      proxy_read_timeout     300;
      proxy_connect_timeout  300;
    }
}