#
#  NGINX configuration file 
#  To make NGINX reverse proxy on https-demo.eastgate.in webserver / website
#
#
#  step 1: Copy this config file
#  $ sudo cp https-demo.eastgate.in /etc/nginx/sites-available folder
# 
#  step 2: Enable this site
#  $ sudo ln -s /etc/nginx/sites-available/https-demo.eastgate.in /etc/nginx/sites-enabled 
#
#  step 3: Restart NGINX service
#  $ sudo systemctl restart nginx
#
#  step 4: Check status of this service
#  $ sudo systemctl status nginx
#
#  step 5: Check NGINX is running with NO ERRORs
#  $ sudo nginx -t
#

server { # this server block redirects http://https-demo.eastgate.in requests 
		 # TO  https://https-demo.eastgate.in
	listen 80;
	listen [::]:80;
	server_name    https-demo.eastgate.in; 
	return 301 https://https-demo.eastgate.in$request_uri; 
}

server { # this server block handles secured https requests
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name  https-demo.eastgate.in;

	ssl_certificate		/etc/letsencrypt/live/eastgate.in/fullchain.pem;
	ssl_certificate_key	/etc/letsencrypt/live/eastgate.in/privkey.pem;

	ssl_session_cache	builtin:1000	shared:SSL:10m;
	ssl_protocols	TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

	access_log	/var/log/nginx/eastgate.access.log;

	location / {

		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Proto $scheme;

		proxy_pass https://localhost:3010;  # use https here, rather than mere http and avoid 502 Bad Gateway error
		proxy_read_timeout	90;

		proxy_redirect	https://localhost:3010 https://https-demo.eastgate.in;
	}

}