#--------------------------------------------------------
# Nuxt.JS server configuration
#--------------------------------------------------------
proxy_cache_path /tmp/cacheapi levels=1:2 keys_zone=microcacheapi:100m max_size=1g inactive=1d use_temp_path=off;



map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}

server {
    listen 80;
    listen [::]:80;
    access_log  off;
    error_log   off;
    server_name domain.com;


    location ~ /.well-known/acme-challenge {
         
         root /var/www/certbot;
    }


   return 301 https://$server_name$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    access_log off;
    server_name domain.com;
	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;


    location ~ /.well-known/acme-challenge {
         
         root /var/www/certbot;
    }
   
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    charset utf-8;

    location / {
        # Proxy to Node.JS instance
        proxy_pass http://client:3000;

        expires $expires;

        proxy_redirect                      off;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_read_timeout                  1m;
        proxy_connect_timeout               1m;

        # Websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

  location ~ /\. {
    access_log    off;
    log_not_found off;
    deny all;
  }
}


server {
    listen 80;
    listen [::]:80;
    access_log  off;
    error_log   off;
	server_name admin.domain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    return 301 https://$server_name$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name admin.domain.com;
    access_log off;

    # Micro caching
    proxy_cache microcacheapi;
    proxy_cache_valid 200 1s;
    proxy_cache_use_stale updating;
    proxy_cache_background_update on;
    proxy_cache_lock on;

    ssl_certificate /etc/letsencrypt/live/admin.domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/admin.domain.com/privkey.pem;


location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    index index.php index.html;
    root /var/www/backend/public;
    charset utf-8;

    client_max_body_size 20m;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    # Handle all php files (which will always be just /index.php)
    # via factcgi PHP-FPM unix socket
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass app:9000;
        fastcgi_index index.php;
        # For comfortable debugging
        fastcgi_read_timeout 1000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}