#=======================================================================
# Nginx configuration for LemonLDAP::NG Handler
#=======================================================================
# This file implements the reload virtualhost that permits to reload
# configuration without restarting server.
# You need then to declare this vhost in reloadUrls (in the manager
# interface if this server doesn't host the manager itself):
#
#         KEY       :               VALUE
#   host-or-IP:port :  http://reload.example.com/reload
#
# IMPORTANT:
# To protect applications, see test-nginx.conf template in example files

# Log format
include /etc/lemonldap-ng/nginx-lmlog.conf;
#access_log /var/log/nginx/access.log lm_combined;

server {
  listen 80;
  server_name %%reloadWebName;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  ssl on;
%if %%cert_type == "letsencrypt"
  ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
  ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
%else
  ssl_certificate    %%server_cert;
  ssl_certificate_key     %%server_key;
%end if
  ssl_client_certificate  /etc/ssl/certs/ca.crt;
  access_log  /var/log/nginx/manager-lemon-ldap.access-ssl.log;
  server_name %%reloadWebName;
  root /var/www/html;

  error_page   403 404 502 503 504  /nginx.html;
  location = /nginx.html{
       root /usr/share/nginx/html;
    }

  location = /reload {
    allow 127.0.0.1;
    deny all;

    # FastCGI configuration
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    fastcgi_param LLTYPE reload;

    # OR TO USE uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    #uwsgi_param LLTYPE reload;
  }

  # Client requests
  location / {
    deny all;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "max-age=15768000";
  }

}