zulip/puppet/zulip_ops/files/nginx/sites-available/loadbalancer

upstream staging {
    server staging0.zulipchat.net:443;

    keepalive 10000;
}

upstream prod {
    server prod0.zulipchat.net:443;

    keepalive 10000;
}

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }

    include /etc/nginx/zulip-include/certbot;
}

server {
    # The listen needs to be `www.zulipstaging.com` since bare zulipstaging.com
    # is not a CNAME and thus has the public IP inside EC2
    listen www.zulipstaging.com:443 http2;
    server_name zulipstaging.com *.zulipstaging.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;

    location / {
        proxy_pass https://staging/;
        include /etc/nginx/zulip-include/proxy;
    }

    # We don't need /api/v1/events/internal, because that doesn't go through the loadbalancer.
    location ~ /json/events|/api/v1/events {
        proxy_pass https://staging;
        include /etc/nginx/zulip-include/proxy_longpolling;
    }

    include /etc/nginx/zulip-include/certbot;
}

server {
    # The listen needs to be `www.zulipchat.com` since bare zulipchat.com
    # is not a CNAME and thus has the public IP inside EC2
    listen www.zulipchat.com:443 default_server http2;
    server_name zulipchat.com *.zulipchat.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;

    location / {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy;
    }

    location ~ /json/events|/api/v1/events {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy_longpolling;
    }

    include /etc/nginx/zulip-include/certbot;
}

server {
    # The listen needs to be `www.zulip.com` since bare zulip.com
    # is not a CNAME and thus has the public IP inside EC2
    listen www.zulip.com:443 http2;
    server_name zulip.com *.zulip.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;

    location / {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy;
    }

    location ~ /json/events|/api/v1/events {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy_longpolling;
    }

    include /etc/nginx/zulip-include/certbot;
}

server {
    listen chat.hl7.org:443 http2;
    server_name chat.hl7.org;
    ssl_certificate /etc/letsencrypt/live/chat.hl7.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.hl7.org/privkey.pem;

    location / {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy;
    }

    location ~ /json/events|/api/v1/events {
        proxy_pass https://prod;
        include /etc/nginx/zulip-include/proxy_longpolling;
    }

    include /etc/nginx/zulip-include/certbot;
}

server {
    listen uploads.zulipusercontent.net:443 http2;
    server_name uploads.zulipusercontent.net;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/uploads.zulipusercontent.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/uploads.zulipusercontent.net/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9292;
        include /etc/nginx/zulip-include/proxy;
    }

    include /etc/nginx/zulip-include/certbot;
}