#### For <$NGINX_HOSTNAME>

upstream docker-scalelite {
    server scalelite.api:3000;
}

server {
    server_name $NGINX_HOSTNAME;

    listen 80;
    listen [::]:80;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    server_name $NGINX_HOSTNAME;

    listen 443 ssl;
    listen [::]:443;

    ## Configuration for Letsencrypt SSL Certificate
    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;

    ## Configuration for SSL Certificate from a CA other than Letsencrypt
    #ssl_certificate /etc/ssl/fullchain.pem;
    #ssl_certificate_key /etc/ssl/privkey.pem;

    location / {
            proxy_pass  http://docker-scalelite;
            proxy_read_timeout 60s;
            proxy_redirect off;

            proxy_set_header  Host $http_host;

            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header  Cookie "$http_cookie; ip=$remote_addr";

            proxy_set_header  X-Forwarded-Proto $scheme;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            rewrite ~/(.*)$ /$1 break;
    }
}