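# Templated nginx site: terminates TLS and reverse-proxies to a gunicorn-served
# Django app, serves media/static files from disk, and redirects plain HTTP to
# HTTPS.

upstream app_server_{{ extended_name }} {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups
    # NOTE(review): the socket path is under /tmp; confirm the socket's
    # ownership and mode limit it to the nginx and gunicorn users.
    server unix:/tmp/gunicorn.{{ extended_name }}.sock fail_timeout=0;

    # for a TCP configuration
    # server 192.168.0.7:8000 fail_timeout=0;
    # server {{django_host}}:{{django_port}} fail_timeout=0;
}

server {
    # The leading dot matches the domain itself and every subdomain.
    # The terminating ';' matters: without it nginx reads "charset" and
    # "utf-8" as two more server names and never applies the charset.
    # NOTE(review): the certificate below is stored under the bare name;
    # confirm it also covers the subdomains accepted here.
    server_name .{{server_name}};
    charset utf-8;

    # NOTE(review): allows request bodies of up to 4 GB per request; lower
    # this to the largest upload the application really accepts.
    client_max_body_size 4G;

    access_log {{access_log}};
    error_log {{error_log}};

    # NOTE(review): the three prefix locations below have no trailing slash.
    # A prefix without a trailing slash combined with an alias value that ends
    # in one lets request paths resolve outside the aliased directory; keep
    # the location and the alias value either both with or both without it.
    location /media {
        alias {{ server_media_dynamic }};
    }

    # Static assets of Django Debug Toolbar, read from site-packages.
    # NOTE(review): presumably only needed where the toolbar is enabled;
    # confirm the toolbar itself is off in production.
    location /static/debug_toolbar {
        alias {{virtualenv_sitepackages}}/debug_toolbar/static/debug_toolbar;
    }

    location /static {
        alias {{ server_media_static}};
    }

    location / {
        # NOTE(review): passes the backend's Server header through to clients,
        # which discloses the app server; remove unless something relies on it.
        proxy_pass_header Server;

        # $http_host is the Host header exactly as the client sent it, so the
        # application has to validate it (Django ALLOWED_HOSTS).
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;

        # Set the standard forwarding headers explicitly. Request headers that
        # are not set here reach the backend as the client sent them, so
        # X-Forwarded-For gets the connecting address appended and
        # X-Forwarded-Proto is replaced with the scheme nginx actually saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Both timeouts are in seconds.
        proxy_connect_timeout 10;
        proxy_read_timeout 10;
        proxy_pass http://app_server_{{extended_name}};
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    # this breaks down with multiple domains using ssl
    # so I'm commenting it out
    # listen [::]:443 ssl ipv6only=on; # managed by Certbot
    # With the line above disabled, HTTPS is served over IPv4 only, while the
    # HTTP server below listens on IPv4 and IPv6.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/{{server_name}}/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/{{server_name}}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Plain-HTTP listener: redirects the exact host name to HTTPS and answers 404
# for every other Host value. The comparison is against the bare name only, so
# subdomains accepted by the HTTPS server above are not redirected.
server {
    if ($host = {{server_name}}) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen {{port}};
    listen [::]:{{port}};
    server_name {{server_name}};
    return 404; # managed by Certbot
}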