limit_req_zone $binary_remote_addr zone=login:10m rate=2r/s;

upstream app_server {
    server 127.0.0.1:12000 fail_timeout=0;
}

# Combined log with remote:local port logged
log_format combined_port '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_referer" "$http_user_agent" "$remote_port:$server_port"';

# -----------------------------------------------------------------------------
# Redirect all sort of non-ssl (with and without www) to ssl without www
# -----------------------------------------------------------------------------
server {
    listen 80;
    server_name     dpaste.de 
                www.dpaste.de
                    dpaste.org
                www.dpaste.org;

    location / {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
}

# -----------------------------------------------------------------------------
# SSL Hosts
# -----------------------------------------------------------------------------

server {
    listen 443 ssl spdy;
    server_name dpaste.org www.dpaste.org;

    ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
    ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
    add_header Strict-Transport-Security max-age=25200;

    # Redirect to dpaste.de
    location / {
        rewrite  ^/(.*)$  https://dpaste.de/$1 permanent;
    }
}

server {
    listen 443 ssl spdy;
    server_name dpaste.de www.dpaste.de;

    ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt;
    ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES256+EECDH:AES256+EDH;
    ssl_session_cache  builtin:1000  shared:SSL:5m;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security max-age=25200;
    
    # Rewrite www to non-www
    if ($host = www.dpaste.de) {
        rewrite  ^/(.*)$  https://dpaste.de/$1 permanent;
    }

    access_log /srv/dpaste.de/var/nginx.access.log combined_port;
    error_log /srv/dpaste.de/var/nginx.error.log;

    keepalive_timeout 5;
    client_max_body_size 2M;

    location /media/ {
        alias /srv/dpaste.de/var/media/;
    }

    location /static/ {
        alias /srv/dpaste.de/var/static/;
    }

    location / {
        
        limit_req zone=login burst=5;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://app_server;
        break;
    }
}