upstream app-gunicorn {
    server unix:/data/sockets/gunicorn-mhackspace.sock fail_timeout=0;
}
upstream app-bjoern {
    server unix:/data/sockets/bjoern-mhackspace.sock fail_timeout=0;
}


server {
    listen 80;
    server_name dev.maidstone-hackspace.org.uk;
    root /var/www/maidstone-hackspace-website;

    # resolver 8.8.8.8;
    resolver 127.0.0.11;

    server_tokens off;
    add_header X-Frame-Options "ALLOW-FROM riot.im";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security max-age=15768000;

    error_page 404 = /404.htm;

    # only for dev to test different wsgi servers
    set $upstream "django:8000";
    if ($http_cookie ~ "proxy_override=([\w-]+)") {
        set $upstream $1;
    }

     location /media {
         alias /var/www/maidstone-hackspace-website/mhackspace/media;
         expires 1d;
         add_header Pragma public;
         add_header Cache-Control "public";
     }


    location / {
        access_log on;
        proxy_redirect off;
        proxy_pass_header Server;
        resolver 127.0.0.11;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-SSL-Protocol $ssl_protocol;

        proxy_pass http://$upstream;
        proxy_ssl_session_reuse off;
    }

}