client_max_body_size 128M;

# static files
location ^~ /browser {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}

# Capabilities
location ^~ /hosting/capabilities {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}

# main websocket
location ~ ^/cool/(.*)/ws$ {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_read_timeout 36000s;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}

# download, presentation and image upload
location ~ ^/(c|l)ool {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}

# Admin Console websocket
location ^~ /cool/adminws {
    include snippets/proxy-nobuff.conf;
    include snippets/proxy-forward-headers.conf;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_read_timeout 36000s;

    proxy_set_header Host $http_host;
{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
    proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
{% else %}
    proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
{% endif %}
    proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
    proxy_ssl_verify on;
    proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
    proxy_ssl_protocols TLSv1.3;
}