server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name <%= hostUrl %>;
    ssl_certificate           /etc/letsencrypt/live/<%= hostUrl %>/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/<%= hostUrl %>/fullchain.key;
    
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    client_max_body_size  100M;
    access_log            /var/log/nginx/api.access.log;

    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      # Fix the “It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:3000;
      proxy_connect_timeout       600;
      proxy_send_timeout          600;
      proxy_read_timeout          600;
      send_timeout                600;
      proxy_redirect      http://localhost:3000 https://<%= hostUrl %>;

        # Caching
        if ($request_uri ~* ".(ico|css|js|gif|jpe?g|png)$") {
                expires 30d;
                access_log off;
                add_header Pragma public;
                add_header Cache-Control "public";
                break;
        }
    }
  }