# Copyright (C) The Arvados Authors. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0

daemon off;
error_log "{{ERRORLOG}}" info;          # Yes, must be specified here _and_ cmdline
events {
}
http {
  log_format customlog
    '[$time_local] "$http_x_request_id" $server_name $status $body_bytes_sent $request_time $request_method "$scheme://$http_host$request_uri" $remote_addr:$remote_port '
    '"$http_referer" "$http_user_agent"';
  access_log "{{ACCESSLOG}}" customlog;
  client_body_temp_path "{{TMPDIR}}";
  proxy_temp_path "{{TMPDIR}}";
  fastcgi_temp_path "{{TMPDIR}}";
  uwsgi_temp_path "{{TMPDIR}}";
  scgi_temp_path "{{TMPDIR}}";
  upstream arv-git-http {
    server localhost:{{GITPORT}};
  }
  server {
    listen *:{{GITSSLPORT}} ssl default_server;
    server_name arv-git-http;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://arv-git-http;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
  }
  upstream keepproxy {
    server localhost:{{KEEPPROXYPORT}};
  }
  server {
    listen *:{{KEEPPROXYSSLPORT}} ssl default_server;
    server_name keepproxy;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://keepproxy;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;

      proxy_http_version 1.1;
      proxy_request_buffering off;
    }
  }
  upstream keep-web {
    server localhost:{{KEEPWEBPORT}};
  }
  server {
    listen *:{{KEEPWEBSSLPORT}} ssl default_server;
    server_name keep-web;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://keep-web;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;

      client_max_body_size 0;
      proxy_http_version 1.1;
      proxy_request_buffering off;
    }
  }
  server {
    listen *:{{KEEPWEBDLSSLPORT}} ssl default_server;
    server_name keep-web-dl ~.*;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://keep-web;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;

      client_max_body_size 0;
      proxy_http_version 1.1;
      proxy_request_buffering off;
    }
  }
  upstream ws {
    server localhost:{{WSPORT}};
  }
  server {
    listen *:{{WSSPORT}} ssl default_server;
    server_name websocket;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://ws;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
  }
  upstream controller {
    server localhost:{{CONTROLLERPORT}};
  }
  server {
    listen *:{{CONTROLLERSSLPORT}} ssl default_server;
    server_name controller;
    ssl_certificate "{{SSLCERT}}";
    ssl_certificate_key "{{SSLKEY}}";
    location  / {
      proxy_pass http://controller;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_redirect off;
    }
  }
}