user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    {% if not push_server %}
    push_stream_shared_memory_size 32M;
    {% endif %}
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;

    upstream certidude_api {
        server unix:///run/uwsgi/app/certidude/socket;
    }

    server {
        server_name {{hostname}};
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        error_page 500 502 503 504 /50x.html;

        root {{static_path}};

        location /api/ {
            include uwsgi_params;
            uwsgi_pass certidude_api;
        }

        {% if not push_server %}
        location /pub {
            allow 127.0.0.1;
            nchan_publisher http;
            nchan_store_messages off;
            nchan_channel_id $arg_id;
        }

        location ~ "^/lp/(.*)" {
            nchan_subscriber longpoll;
            nchan_channel_id $1;
        }

        location ~ "^/ev/(.*)" {
            nchan_subscriber eventsource;
            nchan_channel_id $1;
        }
        {% endif %}

    }
}