server {
    listen 443;
    server_name $SERVER_NAME;
    resolver $DNS_ADDRESS [::1]:5353 valid=30s;
    rewrite ^/$ https://$SERVER_NAME/$ENGINE_URL  redirect;
    ssl_certificate /etc/nginx/cert.crt;
    ssl_certificate_key /etc/nginx/cert.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    set $es_endpoint $ES_endpoint;
    set $cognito_endpoint $cognito_host;
    location ^~ /$ENGINE_URL {
        # Forward requests to Kibana
        proxy_pass https://$es_endpoint;
        # Handle redirects to Amazon Cognito
        proxy_redirect https://$cognito_endpoint  https://$SERVER_NAME; 
        # Update cookie domain and path
        proxy_cookie_domain $es_endpoint $SERVER_NAME;
        # Response buffer settings
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # Ignore client disconnection
        proxy_ignore_client_abort  on;
    }
    location ~ \/(log|sign|error|fav|forgot|change|confirm|mfa) {
        # Forward requests to Cognito
        proxy_pass https://$cognito_endpoint; 
        # Handle redirects to Kibana
        proxy_redirect https://$es_endpoint  https://$SERVER_NAME;
        # Handle redirects to Amazon Cognito
        proxy_redirect https://$cognito_endpoint  https://$SERVER_NAME; 
        # Update cookie domain
        proxy_cookie_domain $cognito_endpoint $SERVER_NAME;
        # Ignore client disconnection
        proxy_ignore_client_abort  on;
        internal;
    }
}