server {
	listen {{ port }};
	server_name {{ domain }};
	root {{ sites_path }};


	{% if ssl_certificate and ssl_certificate_key %}
	ssl on;
	ssl_certificate      {{ ssl_certificate }};
	ssl_certificate_key  {{ ssl_certificate_key }};
	ssl_session_timeout  5m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
	ssl_prefer_server_ciphers   on;
	{% endif %}

	location /assets {
		try_files $uri =404;
	}

	location ~ ^/protected/(.*) {
		internal;
		try_files /{{ bench_manager_site_name }}/$1 =404;
	}

	location /socket.io {
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Frappe-Site-Name {{ bench_manager_site_name }};
		proxy_set_header Origin $scheme://$http_host;
		proxy_set_header Host {{ bench_manager_site_name }};

		proxy_pass http://{{ bench_name }}-socketio-server;
	}

	location / {
		try_files /{{ bench_manager_site_name }}/public/$uri @webserver;
	}

	location @webserver {
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Frappe-Site-Name {{ bench_manager_site_name }};
		proxy_set_header Host {{ bench_manager_site_name }};
		proxy_set_header X-Use-X-Accel-Redirect True;
		proxy_read_timeout {{ http_timeout or 120 }};
		proxy_redirect off;

		proxy_pass  http://{{ bench_name }}-frappe;
	}

	# error pages
	{% for error_code, error_page in error_pages.items() -%}

	error_page {{ error_code }} /{{ error_page.split('/')[-1] }};
	location /{{ error_code }}.html {
		root {{ '/'.join(error_page.split('/')[:-1]) }};
		internal;
	}

	{% endfor -%}

	# optimizations
	sendfile on;
	keepalive_timeout 15;
	client_max_body_size 50m;
	client_body_buffer_size 16K;
	client_header_buffer_size 1k;

	# enable gzip compresion
	# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
	gzip on;
	gzip_http_version 1.1;
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;
	gzip_types
		application/atom+xml
		application/javascript
		application/json
		application/rss+xml
		application/vnd.ms-fontobject
		application/x-font-ttf
		application/font-woff
		application/x-web-app-manifest+json
		application/xhtml+xml
		application/xml
		font/opentype
		image/svg+xml
		image/x-icon
		text/css
		text/plain
		text/x-component
		;
		# text/html is always compressed by HttpGzipModule
}