# Generated by Chef
upstream _akkounts_api {
<% @upstream_hosts.each do |host| %>
  server   <%= host %>:<%= @upstream_port %>;
<% end %>
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name <%= @domain %>;

  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;

  add_header 'Strict-Transport-Security' 'max-age=31536000';

  access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
  error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;

  location /kredits/ {
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET' always;
    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_ssl_server_name on;
    proxy_buffers 1024 8k;
    proxy_http_version 1.1;

    proxy_pass http://_akkounts_api/api/kredits/;
  }
}