# 2022-10-05 Hyperling

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid       /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    ## Proxy Settings ##
    proxy_redirect     off;
    proxy_set_header   Host               $host;
    proxy_set_header   X-Real-IP          $remote_addr;
    proxy_set_header   X-Forwarded-For    $remote_addr;
    proxy_set_header   X-Forwarded-Proto  $scheme;
    proxy_set_header   HTTP_AUTHORIZATION $http_authorization;
    proxy_hide_header                     X-Powered-By;
    proxy_intercept_errors                on;
    proxy_http_version                    1.1;
    # Proxy Buffer settings - See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    # Timeouts, give up to 5 minutes for slow apps.
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;

    ## LetsEncrypt Certbot Setup ##
    # Allow nginx to fulfill LetsEncrypt Certbot challenges.
    #   This is not working from here, but is working from the individual conf files for some reason.
    #   Have tried adding listen and server_name directives here with no change in functionality.
    server {
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            root /etc/nginx/letsencrypt/;
        }
    }

    ## Upstream Configuration ##
    include /etc/nginx/hosts/*;

    ## Reverse Proxied Website Configurations ##
    include /etc/nginx/conf.d/*;
}

## TBD.
mail {
    ## Reverse Proxied Mail Server Configurations ##
    #include /etc/nginx/mail.conf.d/*;
}

## Under Experimentation
# So far does not seem like server_name works, only listen, so not useful as a
# reverse proxy. Such as 2 Postgres servers needing traffic from different
# domains, or two SMTP servers on the same IP serving two different domains.
# Those possibilities do not seem to exist here, unfortunately.
stream {
    ## Service Forwarding and Load Balancing ##
    # If this supports the `listen` and `server_name` directives then this may
    # be a better choice than mail{} since it will not require an auth server.
    # It could also be useful as a frontend for ssh, databases, APIs, etc.
    include /etc/nginx/load.conf.d/*;
}