events {}

http {
    sendfile    on;
    keepalive_timeout 60;

     upstream omnivore_web {
    	ip_hash;
    	server 127.0.0.1:3000;
     }

     upstream omnivore_backend {
    	ip_hash;
    	server 127.0.0.1:4000;
     }

     upstream omnivore_imageproxy {
    	ip_hash;
    	server 127.0.0.1:7070;
     }

    upstream omnivore_bucket {
    	ip_hash;
    	server 127.0.0.1:1010;
    }

    server {
        listen 80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name  omnivore.domain.com;


        ssl_certificate   /path/to/cert.crt;
        ssl_certificate_key /path/to/cert.key;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        # Override for authentication on the frontend
        location /api/client/auth {
            proxy_pass http://omnivore_web;
        }

        # Save Route (Frontend)
        location /api/save {
            proxy_pass http://omnivore_web;
        }

        # API
        location /api {
            proxy_pass http://omnivore_backend;
        }

        # Minio
        location /bucket {
            proxy_pass http://omnivore_bucket;
        }

        # ImageProxy
        location /images {
            rewrite ^/images/(.*)$ /$1 break;
            proxy_pass http://omnivore_imageproxy;
        }

        # FrontEnd application
        location / {
            proxy_pass http://omnivore_web;
        }

        # Mail Proxy
        location /mail {
            proxy_pass http://localhost:4398/mail;
        }
    }
}