upstream wsgi_server {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).

  server 127.0.0.1:2000 fail_timeout=0;
}

server {
    listen              80;
    server_name         {{ domain_names }};

    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;

    charset utf-8;

    # enable gzip compression
    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_types    text/plain application/x-javascript text/xml text/css image/svg+xml;
    gzip_vary on;

    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;

    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    client_max_body_size 4G;

    access_log /var/log/nginx_access.log;
    error_log /var/log/nginx_error.log;

    location /static/ {
        alias   /var/www/{{ project }}_static/;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location /media/ {
        alias   /var/www/{{ project }}_media/;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # Try to serve static files from nginx, no point in making an
        # *application* server like Unicorn/Rainbows! serve static files.
        if (!-f $request_filename) {
            proxy_pass http://wsgi_server;
            break;
        }
    }
}

# Redirect all failed requests
server {
   listen 80 default_server;
   server_name _;
   rewrite  ^/(.*)$  http://{{ fallback_domain_name }}/$1 permanent;
}
