    # virtual host configuration for labterminologie.nl, reverse proxy to tomcat
    server {
        client_max_body_size 40M;

        listen 443 default ssl;
        keepalive_timeout   70;

        server_name labterminologie.nl;

        error_page 404 502 503 504 /50x.html;

        # fix for error: upstream timed out (110: Connection timed out
        # increase proxy timeout for the whole server
        proxy_read_timeout 300;

        location = /50x_labterminologie.html {
           root   html;
           allow all;
        }

        ssl on;
        # ssl_certificate     /usr/local/nginx/conf/ssl/2015_04_labterminologie_nl.crt;
        # ssl_certificate     /etc/nginx/ssl/2015_04_labterminologie_nl.crt;
        # ssl_certificate_key /usr/local/nginx/conf/ssl/2015_04_labterminologie_nl.key;
        # ssl_certificate_key /etc/nginx/ssl/2015_04_labterminologie_nl.key;
        ssl_certificate  /etc/letsencrypt/live/labterminologie.nl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/labterminologie.nl/privkey.pem;

        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        # disable RC4: ssl_ciphers RC4:HIGH:!aNULL:!MD5;
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_prefer_server_ciphers on;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;

        charset utf-8;
        # access_log /srv/www/vhosts/labterminologie.nl_nginx/logs/access.log main;
        # access_log logs/labterminologie.nl_nginx.access.log main;
        access_log /var/log/nginx/labterminologie.nl_nginx.access.log main;

    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }


### START ELAB mysql
#         # TODO: this should be cgi instead of apache
#         # rewrite labterminologie.nl/ to port 8078
#         location / {
#                 rewrite ^/$ /elab break;
#                 proxy_pass http://127.0.0.1:8078/;
#         }
#         # end of location / block

         # TODO: this should be cgi instead of apache
         # rewrite labterminologie.nl/elab to port 8078
         location /elab {
                 proxy_pass http://localhost:8078/elab;
         }
         # end of location /elab

         # TODO: this should be cgi instead of apache
         # rewrite labterminologie.nl/materialen to port 8078
         location /materialen {
                 proxy_pass http://localhost:8078/materialen;
        }
        # end of location /materialen
### END ELAB mysql

### START ART-DECOR

# SET this to /elab, above for the moment, and switch to this one later on
        # redirect terminologie.nictiz.nl to /art-decor/home
        location / {
            return 301 https://$host/art-decor/labconcepts;
        }
        # end of location / block

        # redirect terminologie.nictiz.nl/snomed to /art-decor/snomed-ct
        location /snomed {
            return 301 https://$host/art-decor/snomed-ct;
        }
        # end of location /snomed block

        # rewrite terminologie.nictiz.nl/art-decor to orbeon port 8080/art-decor
        location /art-decor {
                proxy_pass http://127.0.0.1:8080/art-decor;
        }
        # end of location /art-decor

#        # rewrite /lab-data to port 8877/
#        location /lab-data {
#                proxy_pass http://localhost:8877/exist/apps/lab-data;
#        }
#        # end of location /lab-data

        # rewrite /lab to port 8877/
        location /lab {
                proxy_pass http://localhost:8877/exist/apps/lab;
        }
        # end of location /lab


        # rewrite terminologie.nictiz.nl/art-decor to orbeon port 8080/art-decor
#        location /lab {
#           #     proxy_pass http://127.0.0.1:8080/lab;
#proxy_pass http://localhost:8080/lab;
#        }
#        # end of location /art-decor


        # rewrite terminologie.nictiz.nl/services to port 8877
           location /services/viewConcept {
             # rewrite ^/services$ /services break;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto https;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_pass http://127.0.0.1:8877/services/viewConcept;
       }
       # end of location /services/viewConcept block

        # rewrite terminologie.nictiz.nl/terminology to port 8877
           location /terminology {
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-Proto https;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_pass http://127.0.0.1:8877/terminology;
       }
       # end of location /terminology block

# serve static content
       location /favicon.ico {
           root /usr/share/tomcat/webapps/ROOT/;
       }

        location ~* ^/img/.+.(jpg|jpeg|gif|png|ico)$ {
            root /usr/share/tomcat/webapps/art-decor/WEB-INF/resources/;
        }
        # end of static location block for /img

### END ART-DECOR

    }
    # end of labterminologie.nl server block


