#
# Sample configuration for NGINX. Redirects http to https, and proxies
# https to localhost:4918.
#
# Replace SERVERNAME with the name of your server.
#
# On Debian, this config file can be put in /etc/nginx/sites-available/.
#

# Upstream server definition.
upstream webdav-rs {
  server 127.0.0.1:4918;
  keepalive 100;
  keepalive_requests 100000;
  keepalive_timeout 120s;
}

# Listener on port 80 that redirects to https.
server {
  listen         *:80;
  listen         [::]:80 ;
  return 301     https://$host$request_uri;
  autoindex      off;
  server_name    SERVERNAME.example.com;
  access_log     /var/log/nginx/SERVERNAME.access.log;
  error_log      /var/log/nginx/SERVERNAME.error.log;
}

# The actual proxy on port 443.
server {
  listen       *:443 ssl http2;
  listen       [::]:443 ssl http2 ;

  server_name  SERVERNAME.example.com;

  ssl_certificate           /etc/letsencrypt/SERVERNAME/fullchain.pem;
  ssl_certificate_key       /etc/letsencrypt/SERVERNAME/privkey.pem;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers               EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/SERVERNAME.access.log;
  error_log             /var/log/nginx/SERVERNAME-dev.error.log;

  location / {
    proxy_buffering       off;
    client_max_body_size  0;
    proxy_pass            http://webdav-rs;
    proxy_read_timeout    120s;
    proxy_connect_timeout 90s;
    proxy_send_timeout    90s;
    proxy_redirect        off;
    proxy_set_header      Host $http_host;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header      X-Forwarded-Proto $scheme;
    proxy_set_header      X-Forwarded-Ssl on;
    proxy_set_header      Connection "";
    proxy_pass_header     Date;
    proxy_pass_header     Server;
  }
}