upstream cap_application {

# Path to Puma SOCK file, as defined previously
server unix://cap_shared_path/sockets/puma.sock fail_timeout=0;

}

server {

listen 80;

if ( $scheme = 'http' ) {
    rewrite ^/(.*) https://$host/$1;
}

}

server {

listen 443;
ssl on;
ssl_certificate /etc/ssl/cap_application.crt;
ssl_certificate_key /etc/ssl/cap_application.key;
server_name cap_domain;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

root cap_current_path/public;

try_files $uri/index.html $uri @cap_application;

location @cap_application {
    proxy_pass http://cap_application;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host:443;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port 443;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
}

location /cable {
    proxy_pass http://cap_application;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
}

error_page 500 502 503 504 /500.html;
client_max_body_size 1G;
keepalive_timeout 10;

}