#!/usr/bin/env bash
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x

APP="$1"; PORT="$2"
WILDCARD_SSL="$DOKKU_ROOT/tls"
SSL="$DOKKU_ROOT/$APP/tls"

set +e
NO_VHOST=$(dokku config:get $APP NO_VHOST)
set -e

if [[ -n "$NO_VHOST" ]]; then
  echo "-----> NO_VHOST config detected"
fi

if [[ -f "$DOKKU_ROOT/VHOST" && ! -n "$NO_VHOST" ]]; then
  VHOST=$(< "$DOKKU_ROOT/VHOST")
  SUBDOMAIN=${APP/%\.${VHOST}/}
  hostname=$(: | pluginhook nginx-hostname $APP $SUBDOMAIN $VHOST)
  if [[ ! -n $hostname ]]; then
    if [[ "$APP" == *.* ]] && [[ "$SUBDOMAIN" == "$APP" ]]; then
      hostname="${APP/\//-}"
    else
      hostname="${APP/\//-}.$VHOST"
    fi
  fi

  if [[ -e "$SSL/server.crt" ]] && [[ -e "$SSL/server.key" ]]; then
    SSL_INUSE="$SSL"
    SSL_DIRECTIVES=$(cat <<EOF
  ssl_certificate     $SSL_INUSE/server.crt;
  ssl_certificate_key $SSL_INUSE/server.key;
EOF
)
  elif  [[ -e "$WILDCARD_SSL/server.crt" ]] && [[ -e "$WILDCARD_SSL/server.key" ]] && [[ $hostname = `openssl x509 -in $WILDCARD_SSL/server.crt -noout -subject | tr '/' '\n' | grep CN= | cut -c4-` ]]; then
    SSL_INUSE="$WILDCARD_SSL"
    SSL_DIRECTIVES=""
  fi

  if [[ -n "$SSL_INUSE" ]]; then
    echo "-----> Creating ssl nginx.conf"
    cat<<EOF > $DOKKU_ROOT/$APP/nginx.conf
upstream $APP { server 127.0.0.1:$PORT; }
server {
  listen      [::]:80;
  listen      80;
  server_name $hostname;
  return 301 https://\$host\$request_uri;
}

server {
  listen      [::]:443 ssl spdy;
  listen      443 ssl spdy;
  server_name $hostname;
$SSL_DIRECTIVES

  keepalive_timeout   70;
  add_header          Alternate-Protocol  443:npn-spdy/2;

  location    / {
    proxy_pass  http://$APP;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host \$http_host;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header X-Forwarded-Port \$server_port;
    proxy_set_header X-Request-Start \$msec;
  }
  include $DOKKU_ROOT/$APP/nginx.conf.d/*.conf;
}
EOF

    echo "https://$hostname" > "$DOKKU_ROOT/$APP/URL"
  else
    echo "-----> Creating non-ssl nginx.conf"
    cat<<EOF > $DOKKU_ROOT/$APP/nginx.conf
upstream $APP { server 127.0.0.1:$PORT; }
server {
  listen      [::]:80;
  listen      80;
  server_name $hostname;
  location    / {
    proxy_pass  http://$APP;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host \$http_host;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_set_header X-Forwarded-For \$remote_addr;
    proxy_set_header X-Forwarded-Port \$server_port;
    proxy_set_header X-Request-Start \$msec;
  }
  include $DOKKU_ROOT/$APP/nginx.conf.d/*.conf;
}
EOF

    echo "http://$hostname" > "$DOKKU_ROOT/$APP/URL"
  fi

  echo "-----> Running nginx-pre-reload"
  pluginhook nginx-pre-reload $APP $PORT

  echo "       Reloading nginx"
  case "$DOKKU_DISTRO" in
    ubuntu)
      sudo /etc/init.d/nginx reload > /dev/null
      ;;

    opensuse)
      sudo /sbin/service nginx reload > /dev/null
      ;;
  esac
else
  if [[ -f "$DOKKU_ROOT/$APP/URL" ]]; then
    echo "------> NO_VHOST set, deleting $APP/URL"
    rm "$DOKKU_ROOT/$APP/URL"
  fi
  if [[ -f "$DOKKU_ROOT/$APP/nginx.conf" ]]; then
    echo "------> NO_VHOST set, deleting $APP/nginx.conf"
    rm "$DOKKU_ROOT/$APP/nginx.conf"
    echo "------> NO_VHOST set, reloading nginx after nginx.conf deletion"
    case "$DOKKU_DISTRO" in
      ubuntu)
        sudo /etc/init.d/nginx reload > /dev/null
        ;;

      opensuse)
        sudo /sbin/service nginx reload > /dev/null
        ;;
    esac
    sudo /etc/init.d/nginx reload > /dev/null
  fi
fi
