# This file should be put under /etc/nginx/conf.d/
# Or place as /etc/nginx/nginx.conf

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    set_real_ip_from 127.0.0.1;
    set_real_ip_from ::1;
    set_real_ip_from 10.0.0.0/8;
    set_real_ip_from 172.16.0.0/12;
    set_real_ip_from 192.168.0.0/16;
    include       /etc/nginx/mime.types;
    include options-ssl.conf;
    include options-http-headers.conf;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    map $http_x_forwarded_for $forwarded_for {
        ""      $remote_addr;
        default $http_x_forwarded_for;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name __SERVER_NAME__;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;
        server_name __SERVER_NAME__;

        error_log /var/log/nginx/error.log warn;
        access_log  /var/log/nginx/access.log main;

        ssl_certificate /etc/nginx/certs/certificate.pem;
        ssl_certificate_key /etc/nginx/certs/key.pem;
        include options-ssl.conf;
        include options-https-headers.conf;

        client_max_body_size 50M;

        location /ws/ {
            proxy_pass  http://127.0.0.1:8001;
            include options-https-headers.conf;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $forwarded_for;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 1h;
        }

        location / {
            proxy_pass  http://127.0.0.1:8000;
            include options-https-headers.conf;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $forwarded_for;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 1h;
            }
    }

    access_log  /var/log/nginx/access.log main;
    types_hash_bucket_size 128;
}