user http;
worker_processes 4;

# error_log /tmp/nginx.error.log;
error_log stderr;

include /usr/share/kvmd/extras/*/nginx.main-ctx.conf;

events {
	worker_connections 1024;
	use epoll;
	multi_accept on;
}

http {
	access_log off;

	include /etc/nginx/mime-types.conf;
	default_type application/octet-stream;
	charset utf-8;

	absolute_redirect off;
	index index.html;

	sendfile on;
	tcp_nodelay on;
	tcp_nopush on;
	keepalive_timeout 10;
	client_max_body_size 4k;

	client_body_temp_path	/tmp/nginx.client_body_temp;
	fastcgi_temp_path		/tmp/nginx.fastcgi_temp;
	proxy_temp_path			/tmp/nginx.proxy_temp;
	scgi_temp_path			/tmp/nginx.scgi_temp;
	uwsgi_temp_path			/tmp/nginx.uwsgi_temp;

	upstream kvmd {
		server 127.0.0.1:8081 fail_timeout=0s max_fails=0;
	}

	upstream ustreamer {
		server 127.0.0.1:8082 fail_timeout=0s max_fails=0;
	}

	include /usr/share/kvmd/extras/*/nginx.http-ctx.conf;

#PROD	server {
#PROD		listen 80;
#PROD		server_name localhost;
#PROD		return 301 https://$host$request_uri;
#PROD	}

	server {
#PROD		listen 443 ssl http2;
		server_name localhost;

#PROD		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#PROD		ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
#PROD		ssl_certificate /etc/nginx/ssl/server.crt;
#PROD		ssl_certificate_key /etc/nginx/ssl/server.key;

#PROD		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

		auth_request /auth;

		location = /auth {
			internal;
			proxy_pass http://kvmd/auth/check;
			proxy_pass_request_body off;
			proxy_set_header Content-Length "";
			auth_request off;
		}

		location / {
			root /usr/share/kvmd/web;
			error_page 401 = @login;
			error_page 403 = @login;
		}

		location @login {
			return 302 /login;
		}

		location /login {
			root /usr/share/kvmd/web;
			auth_request off;
		}

		location /share {
			root /usr/share/kvmd/web;
			auth_request off;
		}

		location = /favicon.ico {
			alias /usr/share/kvmd/web/favicon.ico;
			auth_request off;
		}

		location = /robots.txt {
			alias /usr/share/kvmd/web/robots.txt;
			auth_request off;
		}

		location /kvmd/ws {
			rewrite ^/kvmd/ws$ /ws break;
			rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "upgrade";
			proxy_connect_timeout 7d;
			proxy_send_timeout 7d;
			proxy_read_timeout 7d;
			auth_request off;
		}

		location /kvmd/msd/write {
			rewrite ^/kvmd/msd/write$ /msd/write break;
			rewrite ^/kvmd/msd/write\?(.*)$ /msd/write?$1 break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			limit_rate 6250k;
			limit_rate_after 50k;
			client_max_body_size 0;
			proxy_request_buffering off;
			auth_request off;
		}

		location /kvmd/log {
			rewrite ^/kvmd/log$ /log break;
			rewrite ^/kvmd/log\?(.*)$ /log?$1 break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			proxy_read_timeout 7d;
			postpone_output 0;
			proxy_buffering off;
			proxy_ignore_headers X-Accel-Buffering;
			auth_request off;
		}

		location /kvmd {
			rewrite ^/kvmd$ / break;
			rewrite ^/kvmd/(.*)$ /$1 break;
			proxy_pass http://kvmd;
			include /etc/nginx/proxy-params.conf;
			auth_request off;
		}

		location /streamer {
			rewrite ^/streamer$ / break;
			rewrite ^/streamer\?(.*)$ ?$1 break;
			rewrite ^/streamer/(.*)$ /$1 break;
			proxy_pass http://ustreamer;
			include /etc/nginx/proxy-params.conf;
			postpone_output 0;
			proxy_buffering off;
			proxy_ignore_headers X-Accel-Buffering;
		}

		include /usr/share/kvmd/extras/*/nginx.server-ctx.conf;
	}
}