server {
	listen 80;
	listen [::]:80;

	server_name {{ domain }} 1.omt.regensburg.freifunk.net 2.omt.regensburg.freifunk.net 3.omt.regensburg.freifunk.net 4.omt.regensburg.freifunk.net;

	location /.well-known/acme-challenge {
		default_type "text/plain";
		alias /var/www/acme-challenge;
	}

	location / {
		return 301 https://$host$request_uri;
	}
}

proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=tilecache:10m max_size=1g;

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name {{ domain }} 1.omt.regensburg.freifunk.net 2.omt.regensburg.freifunk.net 3.omt.regensburg.freifunk.net 4.omt.regensburg.freifunk.net;

	ssl_certificate_key /etc/nginx/ssl/{{ domain }}.key;
	ssl_certificate /etc/nginx/ssl/{{ domain }}.crt;

	location ~ /d/(.*) {
		proxy_pass http://10.90.224.104:8080/styles/basic-preview/$1;

		proxy_cache tilecache;
		proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
		proxy_cache_valid 200 1d;
		proxy_cache_valid any 1m;

		proxy_ignore_headers Expires Cache-Control;

		expires 7d;
	}

	location ~ /n/(.*) {
		proxy_pass http://10.90.224.104:8080/styles/custom/$1;

		proxy_cache tilecache;
		proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
		proxy_cache_valid 200 1d;
		proxy_cache_valid any 1m;

		proxy_ignore_headers Expires Cache-Control;

		expires 7d;
	}
}