server {
  listen 443 ssl spdy;
  server_name  https.cio.gov;

  ssl_certificate      /etc/nginx/ssl/keys/https.cio.gov.chained.crt;
  ssl_certificate_key  /etc/nginx/ssl/keys/https.cio.gov.key;
  include ssl/ssl.rules;

  error_page 404 /404/index.html;
  error_page 500 /500/index.html;

  location / {
      root /home/site/production/current/_site;
      default_type text/html;
  }

  # production hook runs on port 4000
  location /deploy {
    proxy_pass http://localhost:4000/;
    proxy_http_version 1.1;
    proxy_redirect off;

      proxy_set_header Host   $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_max_temp_file_size 0;

      proxy_connect_timeout 10;
      proxy_send_timeout    30;
      proxy_read_timeout    30;
  }

  access_log  /home/site/production/nginx_access.log main;
  error_log  /home/site/production/nginx_error.log;
}

# redirect for those clients not preloaded with https.cio.gov
server {
    listen 80;
    server_name https.cio.gov;
    return 301 https://https.cio.gov$request_uri;
}