# Redirect http://app.humbughq.com and other unsupported
# hostnames to https://humbughq.com
#
# We don't have a redirect for HTTPS, however.
server {
    listen 80 default_server;
    server_name app.humbughq.com;
    return 301 https://humbughq.com;
}

server {
    listen 80;
    server_name humbughq.com zephyr.humbughq.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443;

    ssl on;

    # The zephyr.humbughq.com cert uses the app.humbughq.com key.
    # It's good for https://humbughq.com too.
    ssl_certificate /etc/ssl/certs/zephyr.humbughq.com.combined-chain.crt;
    ssl_certificate_key /etc/ssl/private/app.humbughq.com.key;

    server_name humbughq.com zephyr.humbughq.com;

    # Avoid clickjacking attacks
    add_header X-Frame-Options DENY;

    # Downloadable software
    location /dist/ {
        autoindex on;
        alias /srv/www/dist/;
    }

    include /etc/nginx/humbug-include/app;
}