# Secure default configuration generated by Mozilla SSL Configuration Generator
# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section. 
    ########################################  Non-SSL  ########################################
    server_name localhost;
 
    # https://docs.nginx.com/nginx/admin-guide/web-server/compression/
    # gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/css application/javascript application/json application/octet-stream;

    # Increase the client_max_body_size to allow larger file uploads
    # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
    client_max_body_size 25M;

    location /api/ {
        proxy_pass http://api:3080$request_uri;
    }

    location / {
        proxy_pass http://api:3080/;
    }

    ########################################  SSL  ########################################
#    # Redirect all http traffic to https
#    location / {
#        return 301 https://$host$request_uri;
#    }
}

#server {
#    listen 443 ssl http2;
#    listen [::]:443 ssl http2;

#    https://docs.nginx.com/nginx/admin-guide/web-server/compression/
#    gzip on;
#    gzip_vary on;
#    gzip_proxied any;
#    gzip_comp_level 6;
#    gzip_buffers 16 8k;
#    gzip_http_version 1.1;
#    gzip_types text/css application/javascript application/json application/octet-stream;

#    ssl_certificate /etc/nginx/ssl/nginx.crt;
#    ssl_certificate_key /etc/nginx/ssl/nginx.key;
#    ssl_session_timeout 1d;
#    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
#    ssl_session_tickets off;

#    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam
#    ssl_dhparam /etc/nginx/ssl/dhparam;

#    # intermediate configuration
#    ssl_protocols TLSv1.2 TLSv1.3;
#    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
#    ssl_prefer_server_ciphers off;

#    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
#    add_header Strict-Transport-Security "max-age=63072000" always;

#    # OCSP stapling
#    ssl_stapling on;
#    ssl_stapling_verify on;

#    # verify chain of trust of OCSP response using Root CA and Intermediate certs
#    ssl_trusted_certificate /etc/nginx/ssl/ca.crt;

#    # replace with the IP address of your resolver
#    resolver 127.0.0.1;

#    server_name localhost;
 
#    # Increase the client_max_body_size to allow larger file uploads
#    # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request
#    client_max_body_size 25M;

#    location /api {
#        proxy_pass http://api:3080/api;
#    }

#    location / {
#        proxy_pass http://api:3080;
#    }
#}