nodejs

# The first node application
upstream app-one {
    server 127.0.0.1:3000 max_fails=0;
}

# The second node application
upstream app-two {
    server 127.0.0.1:3001 max_fails=0;
}

# Server configuration for the first node application
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/server-app-one.crt;
    ssl_certificate_key /etc/ssl/private/server-app-one.key;

    # Server triggered by incoming subdomain name
    server_name app-one.website.com;

    add_header Strict-Transport-Security max-age=500;

    # Sends all requests to application one
    location / {
        proxy_pass http://app-one;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Server configuration for the second node application
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/server-app-two.crt;
    ssl_certificate_key /etc/ssl/private/server-app-two.key;

    # Server triggered by incoming subdomain name
    server_name app-two.website.com;

    add_header Strict-Transport-Security max-age=500;

    # Sends all requests to application two
    location / {
        proxy_pass http://app-two;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Default server, rejects all requests
# This path is only taken if all above fail
server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /etc/ssl/certs/server-default.crt;
    ssl_certificate_key /etc/ssl/private/server-default.key;

    add_header Strict-Transport-Security max-age=500;

    location / {
        deny all;
    }
}