{% if ACTIVATE_HTTPS %}
server {
    server_name {{ CMS_HOST }};
    listen 80;
    return 301 https://$server_name$request_uri;
}
{% endif %}

server {
  listen {{ "443 ssl" if ACTIVATE_HTTPS else "80" }};
  server_name studio.localhost {{ CMS_HOST }};

  {% if ACTIVATE_HTTPS %}
  ssl_certificate /etc/letsencrypt/live/{{ LMS_HOST }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ LMS_HOST }}/privkey.pem;
  {% endif %}

  client_max_body_size 100M;

  rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
  
  # Disables server version feedback on pages and in headers
  server_tokens off;
  # Prevent invalid display courseware in IE 10+ with high privacy settings
  add_header P3P 'CP="Open edX does not have a P3P policy."';

  location @proxy_to_cms_app {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    # Docker resolver
    resolver 127.0.0.11 valid=10s;
    set $upstream cms;
    proxy_pass http://$upstream:8000;
  }

  location / {
    try_files $uri @proxy_to_cms_app;
  }

  location ~ ^/static/(?P<file>.*) {
    root /var/www/openedx;
    try_files /staticfiles/$file /course_static/$file =404;

    # return a 403 for static files that shouldn't be
    # in the staticfiles directory
    location ~ ^/static/(?:.*)(?:\.xml|\.json|README.TXT) {
      return 403;
    }

    # Set django-pipelined files to maximum cache time
    location ~ "/static/(?P<collected>.*\.[0-9a-f]{12}\..*)" {
      expires max;
      try_files /staticfiles/$collected /course_static/$collected =404;
    }
    location ~ "/static/(?P<collected>[0-9a-f]{7}/.*)" {
      expires max;
      try_files /staticfiles/$collected /course_static/$collected =404;
    }

    # Expire other static files immediately (there should be very few / none of these)
    expires epoch;
  }
}