proxy_http_version 1.1;

# http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream lt-server {
    server 127.0.0.1:2000;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name .localtunnel.me;

    location / {
        proxy_pass http://lt-server/;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_redirect off;
    }
}

server {
    listen 443 default_server ssl spdy;
    listen [::]:443 default_server ipv6only=on;

    server_name .localtunnel.me;

    ssl on;

    ssl_certificate      /etc/nginx/ssl/STAR.localtunnel.me.crt;
    ssl_certificate_key  /etc/nginx/ssl/STAR.localtunnel.me.key;

    ssl_protocols              SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    location / {
        proxy_pass http://lt-server/;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection $connection_upgrade;

        proxy_redirect off;
    }
}
