# adapted from /etc/nginx/nginx.conf
worker_processes auto;
pid /home/me/nginx/site.pid;
error_log /dev/stderr;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    gzip on;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_certificate     /home/me/certbot/live/matthewtran.com/fullchain.pem;
    ssl_certificate_key /home/me/certbot/live/matthewtran.com/privkey.pem;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log            /dev/stdout;
    client_body_temp_path /home/me/nginx/body;
    proxy_temp_path       /home/me/nginx/proxy;
    fastcgi_temp_path     /home/me/nginx/fastcgi;
    uwsgi_temp_path       /home/me/nginx/uwsgi;
    scgi_temp_path        /home/me/nginx/scgi;

    # SSL redirect
    server {
        listen 8080 default_server;
        listen [::]:8080 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # default
    server {
        listen 8443 ssl default_server;
        listen [::]:8443 ssl default_server;
        server_name _;
        return 404;
    }

    # website
    server {
        listen 8443 ssl;
        listen [::]:8443 ssl;
        server_name matthewtran.com www.matthewtran.com;

        root /home/me/html;
        index index.html;
        location / {
            try_files $uri $uri/ =404;
        }
    }

    # gitea
    server {
        listen 8443 ssl;
        listen [::]:8443 ssl;
        server_name git.matthewtran.com;

        location / {
            client_max_body_size 512M;
            proxy_pass http://gitea:3000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}