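#####################################################
#              The Zen Garden Network               #
#                                                   #
# Configuration : {{ proxy_site_conf_dir }}/{{ item.key }}.conf #
# Version       : {{ proxy_site_version }}-{{ proxy_site_revision }} #
#                                                   #
#                     Chris H.                      #
#####################################################

### Configuration for: {{ item.key }}
################################################
{#
  Renders one TLS reverse-proxy vhost for the site named by item.key.

  Role-wide variables read here:
    proxy_site_conf_dir, proxy_site_version, proxy_site_revision  (banner only)
    proxy_site_dontlog_ips        optional list; matching clients are not access-logged
    proxy_load_balance_type       optional directive placed first in the upstream block
    proxy_site_ssl_certificate, proxy_site_ssl_certificate_key   fallback cert/key
    proxy_site_ssl_protocols, proxy_site_ssl_ciphers             TLS policy
    proxy_site_log_path           directory for the per-site access log

  Per-site keys read from proxy_sites[item.key]:
    proto, dest        required; used to build proxy_pass
    port               optional; appended to proxy_pass when defined
    upstream_servers   optional list; emits an upstream block named after dest
    aliases            optional; extra server_name values
    ssl_cert, ssl_key  optional; override the role-wide certificate and key
    max_upload         optional; client_max_body_size for the vhost
    status_page        optional; the stub_status location is emitted whenever
                       this key is defined, whatever its value
    status_allow       optional list of addresses/CIDRs; when defined, the
                       stub_status location is limited to them
    seafhttp_port      used only for the seafile.thezengarden.net site
#}

{% if proxy_site_dontlog_ips is defined %}
{#
  Each entry is emitted as an unanchored regex ("~" prefix), so an unescaped
  "." matches any character and 10.0.0.1 also matches 10.0.0.10 or 110.0.0.1.
  Every client that matches is left out of the access log, which makes an
  over-broad entry a gap in the audit trail. Entries can carry their own
  anchors and escapes (for example ^10\.0\.0\.1$) to match one address only.
  The loop variable is not called "item" so the outer Ansible item stays
  readable inside the loop.
#}
map $remote_addr $log_ip {
{% for dontlog_ip in proxy_site_dontlog_ips %}
    "~{{ dontlog_ip }}" 0;
{% endfor %}
    default 1;
}
{% endif %}

{% if proxy_sites[item.key]['upstream_servers'] is defined %}
upstream {{ proxy_sites[item.key]['dest'] }} {
{% if proxy_load_balance_type is defined %}
    {{ proxy_load_balance_type }};
{% endif %}
{% for upstream in proxy_sites[item.key]['upstream_servers'] %}
    server {{ upstream }};
{% endfor %}
}
{% endif %}

server {
    listen 443 ssl;
    server_name {{ item.key }} {% if proxy_sites[item.key]['aliases'] is defined %}{{ proxy_sites[item.key]['aliases'] }}{% endif %};

    # Per-site certificate and key when set, otherwise the role-wide pair.
    ssl_certificate {{ proxy_sites[item.key]['ssl_cert'] | default(proxy_site_ssl_certificate) }};
    ssl_certificate_key {{ proxy_sites[item.key]['ssl_key'] | default(proxy_site_ssl_certificate_key) }};
    ssl_session_cache shared:SSL:10m;
    # Protocol and cipher policy comes entirely from role variables; this
    # template does not enforce a minimum, so review those values separately.
    ssl_protocols {{ proxy_site_ssl_protocols }};
    ssl_ciphers {{ proxy_site_ssl_ciphers }};
    ssl_prefer_server_ciphers on;

{% if proxy_site_dontlog_ips is defined %}
    # Requests are logged only when $log_ip is non-zero (see the map above).
    access_log {{ proxy_site_log_path }}/{{ item.key }}.log combined if=$log_ip;
{% else %}
    access_log {{ proxy_site_log_path }}/{{ item.key }}.log combined;
{% endif %}

{% if proxy_sites[item.key]['max_upload'] is defined %}
    client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
{% endif %}

{% if proxy_sites[item.key]['status_page'] is defined %}
    # Without status_allow this endpoint is served to every client that can
    # reach the vhost and discloses connection and request counters.
    location /nginx_status {
        stub_status;
{% if proxy_sites[item.key]['status_allow'] is defined %}
{% for status_src in proxy_sites[item.key]['status_allow'] %}
        allow {{ status_src }};
{% endfor %}
        deny all;
{% endif %}
    }
{% endif %}

    location / {
        # X-Real-IP is overwritten with the socket peer address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent, so backends should trust only the
        # right-most entry and never the left-most one.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        # This server block only listens on 443 ssl, so the scheme is fixed.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        # WebSocket pass-through: "Connection: upgrade" is sent to the
        # backend on every request, not only on upgrade requests.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

{% if proxy_sites[item.key]['port'] is defined %}
        proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};
{% else %}
        proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }};
{% endif %}

        # Rewrite http:// redirects issued by the backend to https://.
        proxy_redirect http:// https://;

        # set buffer sizes (for keycloak user reg)
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
    }

{% if item.key == "seafile.thezengarden.net" %}
    # Seafile file-server endpoint. Upload size is unlimited, request bodies
    # are streamed to the backend unbuffered and every timeout is ten hours,
    # so any size or rate limit has to be enforced by the backend itself.
    location /seafhttp {
        # Strip the /seafhttp prefix before proxying.
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['seafhttp_port'] }};
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
        proxy_request_buffering off;
    }
{% endif %}
}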