# the upstream component nginx needs to connect to
upstream note {
    server unix:///var/www/note_kfet/note_kfet.sock; # file socket
}

# Redirect HTTP to nk20 HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        return 301 https://{{ note.server_name }}$request_uri;
    }
}

# Redirect all HTTPS to nk20 HTTPS
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    location / {
        return 301 https://{{ note.server_name }}$request_uri;
    }

    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# configuration of the server
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # the port your site will be served on
    # the domain name it will serve for
    server_name {{ note.server_name }}; # substitute your machine's IP address or FQDN
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

{% if note.serve_static %}
    # Django media
    location /media  {
        alias /var/www/note_kfet/media;  # your Django project's media files - amend as required
    }

    location /static {
        alias /var/www/note_kfet/static; # your Django project's static files - amend as required
    }

{% endif %}
    location /doc {
        alias /var/www/documentation;    # The documentation of the project
    }

    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass note;
        include /etc/nginx/uwsgi_params;
    }

    ssl_certificate /etc/letsencrypt/live/{{ note.server_name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ note.server_name }}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}