# TLS-terminating reverse proxy: accepts HTTPS on port 2634 (IPv4 and IPv6)
# and forwards every request as plain HTTP to the service on localhost:2633.
# This file is a Helm template; {{ tpl .Values.fqdn . }} is rendered into the
# config unquoted, so the value must be a plain, trusted host name. Whitespace,
# ';' or braces in it would change the meaning of the generated config.
server {
    listen *:2634 ssl;
    listen [::]:2634 ssl;

    # Certificate and key are read from the Let's Encrypt "live" directory for
    # the configured FQDN.
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so the
    # nginx defaults or values inherited from the http context apply - confirm
    # they are pinned somewhere.
    ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;

    server_name {{ tpl .Values.fqdn . }};
    root /usr/share/nginx/html;

    # 0 disables nginx's request body size check entirely.
    # NOTE(review): with no limit here, the backend on :2633 has to enforce its
    # own upper bound on request size - confirm that it does.
    client_max_body_size 0;

    location / {
        proxy_pass http://localhost:2633;

        # Forward original host name to be seen in unicorn
        proxy_set_header Host $host;

        # Server name and address, like the variables available in PHP
        proxy_set_header SERVER_NAME $server_name;
        proxy_set_header SERVER_ADDR $server_addr;

        # Forward the client IP address to rack/rails, e.g. for logging.
        # $remote_addr replaces any X-Forwarded-For value sent by the client
        # (it is not appended to it), so the backend only sees the address
        # nginx itself observed.
        proxy_set_header X-Forwarded-For $remote_addr;

        # Tell rack if it is http or https
        # https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L483
        # http://nginx.org/en/docs/http/ngx_http_core_module.html#variables
        # $https was introduced in 1.1.11 - we are using 0.7.67-3+squeeze3
        # so we cannot use
        # proxy_set_header HTTPS $https;
        # but have to forward the scheme like this
        # NOTE(review): the version remark above looks inherited - check it
        # against the nginx actually deployed. Both listeners in this server
        # use ssl, so $scheme is always "https" here.
        proxy_set_header X_FORWARDED_SCHEME $scheme;

        # Some applications seem to use X_FORWARDED_SCHEME while others need
        # X_FORWARDED_PROTO, so we set X_FORWARDED_PROTO too
        # NOTE(review): these names use underscores. A hyphenated
        # X-Forwarded-Proto / X-Forwarded-Scheme sent by the client is not
        # overridden by these directives and is passed to the backend as-is.
        # Backends that normalise header names CGI-style may treat both
        # spellings as the same variable - verify which value the backend trusts.
        proxy_set_header X_FORWARDED_PROTO $scheme;
    }
}