# justask nginx config

# Redirect www.retrospring.net to retrospring.net, because it looks nicer.
server {
    listen *:80;
    listen *:443;
    server_name www.retrospring.net;
    return 301 $scheme://retrospring.net$request_uri;
}


# This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
    listen *:80;
    # Replace retrospring.net with your FQDN.
    server_name retrospring.net;
    server_tokens off;
    # root doesn't have to be a valid path since we are redirecting
    root /nowhere;
    rewrite ^ https://$server_name$request_uri permanent;
}


# The actual configuration.
server {
    # SSL settings
    listen 443 ssl;

    ssl on;
    ssl_certificate /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.pem;
    ssl_certificate_key /usr/local/etc/nginx/ssl/certs/retrospring.net/retrospring.net.key;

    # use this header only if all subdomains support HTTPS!
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";

    ssl_session_cache  builtin:1000  shared:SSL:10m;

    # forward secrecy settings
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';

    # Replace retrospring.net with your FQDN
    server_name retrospring.net;
    server_tokens off;

    # Replace /usr/home/justask/justask with the path to your justask installation
    root /usr/home/justask/justask/public;
    access_log /var/log/nginx/justask.log;

    client_max_body_size 5M;
    
    error_page 404 = /404.html;
    error_page 422 = /422.html;
    error_page 500 = /500.html;
    error_page 502 = /502.html;

    try_files $uri @justask;

    location @justask {
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_max_temp_file_size 0;
        
        # Replace /usr/home/justask/justask with the path to your justask installation
        proxy_pass http://unix:/usr/home/justask/justask/tmp/sockets/justask.sock;
        break;
    }
}