upstream staging { server staging0.zulipchat.net:443; keepalive 10000; } upstream prod { server prod0.zulipchat.net:443; keepalive 10000; } server { listen 80; location / { return 301 https://$host$request_uri; } include /etc/nginx/zulip-include/certbot; } server { listen www.zulipstaging.com:443 http2; server_name www.zulipstaging.com; ssl on; ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem; location / { return 301 https://zulipstaging.com$request_uri; } include /etc/nginx/zulip-include/certbot; } server { # The listen needs to be `www.zulipstaging.com` since bare zulipstaging.com # is not a CNAME and thus has the public IP inside EC2 listen www.zulipstaging.com:443 http2; server_name zulipstaging.com *.zulipstaging.com; ssl on; ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem; location / { proxy_pass https://staging/; include /etc/nginx/zulip-include/proxy; } # We don't need /api/v1/events/internal, because that doesn't go through the loadbalancer. location /json/events { proxy_pass https://staging; include /etc/nginx/zulip-include/proxy_longpolling; } location /api/v1/events { proxy_pass https://staging; include /etc/nginx/zulip-include/proxy_longpolling; } include /etc/nginx/zulip-include/certbot; } server { # The listen needs to be `www.zulipchat.com` since bare zulipchat.com # is not a CNAME and thus has the public IP inside EC2 listen www.zulipchat.com:443 http2; server_name www.zulipchat.com zulipchat.com www.zulip.com; ssl on; ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem; location / { return 301 https://zulip.com$request_uri; } location /static { # The app loads static files from https://zulipchat.com/static, # so skip the redirect for those. proxy_pass https://prod; include /etc/nginx/zulip-include/proxy; } include /etc/nginx/zulip-include/certbot; } server { # The listen needs to be `www.zulipchat.com` since bare zulipchat.com # is not a CNAME and thus has the public IP inside EC2 listen www.zulipchat.com:443 default_server http2; server_name *.zulipchat.com zulip.com *.zulip.com; ssl on; ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem; location / { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy; } location /json/events { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy_longpolling; } location /api/v1/events { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy_longpolling; } include /etc/nginx/zulip-include/certbot; } server { listen chat.fhir.org:443 http2; server_name chat.fhir.org; ssl_certificate /etc/letsencrypt/live/chat.fhir.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/chat.fhir.org/privkey.pem; location / { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy; } location /json/events { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy_longpolling; } location /api/v1/events { proxy_pass https://prod; include /etc/nginx/zulip-include/proxy_longpolling; } include /etc/nginx/zulip-include/certbot; } server { listen uploads.zulipusercontent.net:443 http2; server_name uploads.zulipusercontent.net; ssl on; ssl_certificate /etc/letsencrypt/live/uploads.zulipusercontent.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/uploads.zulipusercontent.net/privkey.pem; location / { proxy_pass http://127.0.0.1:9292; include /etc/nginx/zulip-include/proxy; } include /etc/nginx/zulip-include/certbot; }