infrastructure/nginx-conf/flask_wsgi.conf

include /etc/nginx/conf.d/sub/cache-uwsgi.conf;

upstream flask_server {
        # ip_hash;
        server flask_website:8080;
        # server flask_website:8080 weight=1 max_fails=3 fail_timeout=30s;

        # Or: server unix:/app/flask_server.sock;
}

# Redirect all http requests to the main server wordpress_server
server {
        listen 80;
        listen [::]:80;

        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;

        location ~ /.well-known/acme-challenge {
                allow all;
                root /var/www/flask;
        }

        location / {
                return 301 https://$host$request_uri;
        }
}


server {
        listen 443;
        listen [::]:443;

        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;

        include /etc/nginx/conf.d/sub/gzip.conf;

        # All things related to SSL
        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        #add_header Strict-Transport-Security "max-age=31536000" always;

        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;

        location / { try_files $uri @flask_app; }

        location @flask_app {
                include uwsgi_params;
                uwsgi_pass flask_server;
                
                uwsgi_buffering on;
                uwsgi_buffers 8 16k;

                uwsgi_cache UWSGI;
                uwsgi_cache_valid 200 302 10m;
                uwsgi_cache_valid 301 1h;
                uwsgi_cache_valid any 1m;
                uwsgi_cache_lock on;

                #uwsgi_ignore_headers Vary;
                #uwsgi_hide_header Vary;

                uwsgi_ignore_headers Expires Cache-Control Set-Cookie Vary;
                uwsgi_hide_header Vary;

                add_header X-cache $upstream_cache_status;
        }

        # Don't write to accesslog for these files
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
}