server {
    listen 80;
    listen [::]:80;
    server_name {{ item.value.hostnames | join(' ') }};

    include snippets/acmetool.conf;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ item.value.hostnames | join(' ') }};

    include snippets/acmetool.conf;
    include snippets/ssl.conf;
    ssl_certificate     /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
    ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
    include snippets/hsts.conf;


    client_max_body_size 128M;

    # static files
    location ^~ /loleaflet {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_read_timeout 36000s;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        include snippets/proxy-nobuff.conf;
        include snippets/proxy-forward-headers.conf;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_read_timeout 36000s;

        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:{{ item.value.port }};

        proxy_redirect http://$host/ https://$host/;
        proxy_redirect http://$host:9980/ https://$host/;
    }
}