server {
	listen   60.234.72.6:80;
	listen   60.234.72.6:443;
	server_name  inode.co.nz www.inode.co.nz;

	access_log /var/log/nginx/inode.co.nz.access.log;

	ssl on;
	ssl_certificate     /etc/ssl/private/inode.co.nz.server.certificate.pem;
	ssl_certificate_key /etc/ssl/private/inode.co.nz.SSL.key;


	location ~ \.(html|css|js|png|gif|jpg|svg|ico|txt)$ {
		if ($scheme = https) {
			# Refuse to serve static content under HTTPS
			rewrite ^/(.*)$ http://$host/$1 break;
		}
		# Intercept and serve static files directly
		if ($request_uri ~ /wp-uploads/.*$) {
			rewrite ^/wp-uploads/(.*)$ /$1 break;
			root /var/www/wp-uploads/inode.co.nz;
		}
		if ($request_uri !~ /wp-uploads/.*$) {
			root /var/www/inode.co.nz;
		}
	}

	location / {
		# Choose the proxy based on the current encryption scheme
		if ($scheme = http) {
			proxy_pass http://127.0.1.1:80;
		}
		if ($scheme = https) {
			proxy_pass https://127.0.1.1:443;
		}

		# Make the proxied request look as natural as possible
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # mod_rpaf will unpick this in Apache
	}
}