#
# A very simple example configuration showing how to launch Nginx as a non-root
# user without sudo access.
#
# Adjust the paths and other settings for your specific circumstances. They are
# currently configured for transient usage - you'd want to pick more permanent
# locations in the filesystem if intending this to run for a while.
#
# Note that as Nginx is not launched as root, it cannot bind to privileged
# ports lower than 1024.
#
# Usage: nginx -c /path/to/this/nginx.conf
#
daemon off;

# This error log will be written regardless of server scope error_log
# definitions, so we have to set this here in the main scope.
#
# Even doing this, Nginx will still try to create the default error file, and
# log a non-fatal error when it fails. After that things will work, however.
error_log /dev/stdout {{ NGINX_ERROR_LOGLEVEL }};

# The pidfile will be written to /var/run unless this is set.
pid /tmp/nginx.pid;

# user nobody nogroup;

worker_processes {{ NGINX_WORKER_PROCESSES }};

events {
    worker_connections {{ NGINX_WORKER_CONNECTIONS }};
    multi_accept {{ NGINX_MULTI_ACCEPT }};
}

http {
    log_format timed_combined '[$time_local] "$request" $status $body_bytes_sent "$http_referer" '
                              '"$http_user_agent" $request_time $upstream_response_time $remote_addr "$http_x_forwarded_for"';

    {% if NGINX_ACCESS_LOG_TO_STDOUT == "true" %}
    access_log /dev/stdout timed_combined;
    {% else %}
    access_log  off;
    {% endif %}

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream main_upstream {
        server {{ NGINX_UPSTREAM_SERVER }};
        {% if NGINX_UPSTREAM_KEEPALIVE|int > 0 %}
        keepalive {{ NGINX_UPSTREAM_KEEPALIVE }};
        {% endif %}
    }

    server {
        listen {{ NGINX_SERVER_PORT }};
        {% if NGINX_HOSTNAME %}
        server_name {{ NGINX_EXTRA_SERVER_NAMES }} {{ NGINX_HOSTNAME }};
        {% endif %}
        client_max_body_size {{ NGINX_CLIENT_MAX_BODY_SIZE }};
        client_body_timeout {{ NGINX_CLIENT_BODY_TIMEOUT }};
        fastcgi_read_timeout {{ NGINX_FASTCGI_READ_TIMEOUT }};
        proxy_read_timeout {{ NGINX_PROXY_READ_TIMEOUT }};

        location = {{ NGINX_HEALTHCHECK_PATH }} {
            return 200;
        }

        location ~ / {
            gzip_types {{ NGINX_GZIP_TYPES }};
            proxy_pass http://main_upstream;
            proxy_http_version 1.1;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header Connection "";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            # https://blog.percy.io/tuning-nginx-behind-google-cloud-platform-http-s-load-balancer-305982ddb340
            keepalive_timeout {{ NGINX_KEEPALIVE_TIMEOUT }};
            keepalive_requests {{ NGINX_KEEPALIVE_REQUESTS }};

            {% if NGINX_CORS_DOMAINS %}
            if ($request_method ~* "(GET|POST|PUT|DELETE)") {
              add_header "Access-Control-Allow-Origin"  {{ NGINX_CORS_DOMAINS }};
            }
            if ($request_method = OPTIONS ) {
              add_header "Access-Control-Allow-Origin"  {{ NGINX_CORS_DOMAINS }};
              add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, DELETE";
              add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
              return 200;
            }
            {% endif %}
        }
    }

    {% if NGINX_HOST_REWRITE_ENABLED %}
    server {
        listen {{ NGINX_SERVER_PORT }};
        server_name   {{ NGINX_HOST_REWRITE_SERVER_NAMES }};
        return 301 $scheme://{{ NGINX_HOSTNAME }}$request_uri;
    }
    {% endif %}
}