# so that the Connection header is correctly set to close when the Upgrade header in the request is set to ''. 
map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
}

server {
	listen 443 ssl;

	# Tenant-supplied SSL Certificate
	ssl_certificate      /etc/nginx/ssl/SSL_certificate_tenant_com.crt;
	ssl_certificate_key  /etc/nginx/ssl/SSL_certificate_tenant_com.key;

	# Self Signed Certificates not supported for Websocket connections
	#ssl_certificate      /etc/ssl/certs/ssl-cert-snakeoil.pem;
	#ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;

	server_name cyferd.tenant.com;

		access_log  /var/log/nginx/access_cyferd.log;
		error_log   /var/log/nginx/error_cyferd.log;

	root /var/www/html;

	proxy_redirect off;
	proxy_http_version 1.1;

	# websocket (see http://nginx.org/en/docs/http/websocket.html)
	location /api/websocket {
		proxy_pass https://ingress-us.cyferd.cloud/api/websocket;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-Host  $http_host;
		proxy_set_header X-Forwarded-Proto $scheme;

		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}

	location / {
		proxy_pass https://ingress-us.cyferd.cloud/;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-Host  $http_host;
		proxy_set_header X-Forwarded-Proto $scheme;
	}
}